Access control system and access control method using the same

ABSTRACT

Disclosed herein are an access control system and an access control method using the same. The access control method in which a door operating device determines whether to open a door on the basis of an authentication token acquired from a user terminal without intervention of an authentication server includes obtaining the authentication token from the user terminal; determining whether the user have authorization for accessing the door based on a authentication information included in the authentication token; controlling the door to be opened in case of determined that the user have authorization for accessing the door.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims priority to and the benefit of Korean PatentApplication No. 10-2017-0113565, filed on Sep. 5, 2017, Korean PatentApplication No. 10-2017-0113566, filed on Sep. 5, 2017, Korean PatentApplication No. 10-2017-0113567, filed on Sep. 5, 2017 and Korean PatentApplication No. 10-2017-0113568, filed on Sep. 5, 2017, the disclosureof which is incorporated herein by reference in its entirety.

BACKGROUND 1. Field of the Invention

The present invention relates to an access control system and an accesscontrol method using the same.

2. Discussion of Related Art

An access control system is a system that recognizes and managesvisitors who intend to access a specific space through a door. Accesscontrol systems are being widely used in typical offices and houses aswell as in access restricted facilities with high security.

A conventional authentication method used in such an access controlsystem includes an authentication method using a magnetic card, a smartcard, contactless smart card, etc., and an authentication method usingbiometric information such as a fingerprint and an iris of a visitor.

In such a conventional authentication method, a visitor may access adoor only after the visitor performs authentication through anauthentication device installed near the door. As described above,authentication needs to be performed through a separate authenticationdevice. Thus, when there are a plurality of visitors, it takes a longtime to perform authentication. In addition, there is an inconveniencein that a user needs to always carry a separate authentication meanssuch as a magnetic card, etc., and also there is a difficulty in that,when such an authentication means is lost, an unauthorized visitor whosteals the separate authentication means can access the door.

Also, in the conventional authentication method, the authentication isperformed only by means of a control server that collectively handlesauthentication devices installed near a door. Thus, it is impossible toaccess the door when communication between the control server and theauthentication devices installed near the door is disconnected or whenthe control server is disabled.

Recently, in order to overcome such a difficulty, efforts are being madeto enhance user convenience and also to increase security of an accesscontrol system.

SUMMARY OF THE INVENTION

The present invention is directed to providing an access control systemcapable of increasing its security while increasing a user's convenienceand an access control method using the same.

Technical problems intended to be solved by the invention are notlimited to the aforementioned problem, and other technical problems thatare not described herein will be clearly understood by those skilled inthe art from the following description and the accompanying drawings.

According to an aspect of the present invention, there is provided anaccess control method in which a door operating device determineswhether to open a door on the basis of an authentication token acquiredfrom a user terminal without intervention of an authentication server,the access control method including obtaining the authentication tokenfrom the user terminal; determining whether the user have authorizationfor accessing the door based on a authentication information included inthe authentication token; controlling the door to be opened in case ofdetermined that the user have authorization for accessing the door.

According to another aspect of the present invention, there is providedan access control method including obtaining an authentication tokenfrom a user terminal by a first door operating device, which is providedat a first door among the plurality of doors; determining whether theuser terminal has authority to access the first door on the basis ofauthentication information included in the authentication token by thefirst door operating device; Unlocking the first door when the userterminal has the authority to access the first door by the first dooroperating device; obtaining the authentication token from the userterminal by a second door operating device, which is provided at asecond door among the plurality of doors; determining whether the userterminal has authority to access the second door on the basis of theauthentication information included in the authentication token by thesecond door operating device; and unlocking the second door when it isdetermined that the user terminal has the authority to access the seconddoor by the second door operating device.

According to still another aspect of the present invention, there isprovided a non-transitory recording medium having a program recordedthereon for executing the above-described method.

According to still another aspect of the present invention, there isprovided a door operating device configured to determine whether to opena door on the basis of an authentication token acquired from a userterminal without intervention of an authentication server, the dooroperating device including a door communication unit configured toacquire the authentication token from the user terminal; a door drivingunit configured to provide power necessary to open the door; and a doorcontrol unit configured to determine whether the user terminal hasauthority to access the door on the basis of authentication informationincluded in the authentication token and configured to control the doordriving unit to open the door when it is determined that the userterminal has the authority to access the door.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features and advantages of the presentinvention will become more apparent to those of ordinary skill in theart by describing in detail exemplary embodiments thereof with referenceto the accompanying drawings, in which:

FIG. 1 is a block diagram of an access control system according to anembodiment of the present invention;

FIG. 2 is a block diagram of an authentication server according to anembodiment of the present invention;

FIG. 3 is a block diagram of a terminal according to an embodiment ofthe present invention;

FIG. 4 is a block diagram of a door operating device according to anembodiment of the present invention;

FIG. 5 is an example diagram of a table indicating a data structure ofinformation included in an authentication token according to anembodiment of the present invention;

FIG. 6 is a flowchart of a user registration method according to anembodiment of the present invention;

FIG. 7 is a flowchart of an authentication token issuance methodaccording to an embodiment of the present invention;

FIG. 8 is a surrounding view for a door opening control method accordingto an embodiment of the present invention;

FIG. 9 is a sequence chart of a door opening control method according toan embodiment of the present invention;

FIG. 10 is a surrounding view of an access status management methodaccording to an embodiment of the present invention;

FIG. 11 is a flowchart showing an access status management methodaccording to an embodiment of the present invention;

FIG. 12 is a sequence chart showing a first modification of the accessstatus management method according to an embodiment of the presentinvention;

FIG. 13 is a sequence chart showing a second modification of the accessstatus management method according to an embodiment of the presentinvention;

FIG. 14 is a sequence chart showing a third modification of the accessstatus management method according to an embodiment of the presentinvention;

FIG. 15 is a sequence chart showing a fourth modification of the accessstatus management method according to an embodiment of the presentinvention;

FIG. 16 is a sequence chart showing a fifth modification of the accessstatus management method according to an embodiment of the presentinvention;

FIG. 17 is a surrounding view of a door with a hierarchical structureaccording to a sixth modification of the present invention;

FIG. 18 is a sequence chart showing the sixth modification of the accessstatus management method according to an embodiment of the presentinvention;

FIG. 19 is a surrounding view of a forcible authority change methodaccording to an embodiment of the present invention;

FIG. 20 is a sequence chart showing a forcible authorization changemethod according to an embodiment of the present invention;

FIG. 21 is an example diagram showing operations of a door operatingdevice according to an embodiment of the present invention in a generalsituation and a situation in which an exceptional event occurs;

FIG. 22 is a surrounding view of a region-linked security methodaccording to an embodiment of the present invention;

FIG. 23 is a sequence chart showing a region-linked security methodaccording to an embodiment of the present invention;

FIG. 24 is a sequence chart showing a first modification of theregion-linked security method according to an embodiment of the presentinvention; and

FIG. 25 is a flowchart showing a second modification of theregion-linked security method according to an embodiment of the presentinvention.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

The above objects, features, and advantages of the present inventionwill become more apparent from the following detained description takenin conjunction with the accompanying drawings. However, the presentinvention may be variously modified and have several embodiments.Therefore, specific embodiments will be shown in and described withreference to the accompanying drawings.

In the figures, the thickness of layers and regions is exaggerated forclarity. Also, when it is mentioned that an element or layer is “on”another element or layer, the element or layer may be formed directly onanother element or layer, or a third element or layer may be interposedtherebetween. Like reference numerals refer to like elements throughoutthe specification. Also, the same reference numerals are used todesignate elements having the same functions in the same spirit rangeshown in the drawings of each embodiment.

Moreover, detailed descriptions about well-known functions orconfigurations associated with the present invention will be ruled outin order not to unnecessarily obscure subject matters of the presentinvention. It should also be noted that, although ordinal numbers (suchas first and second) are used in the following description, they areused only to distinguish similar components.

The suffixes “module” and “unit” for elements used in the followingdescription are given or used interchangeably only for facilitation ofpreparing this specification, and thus they are not assigned a specificmeaning or function.

1. Definition of Terms

The terms used therein will be described as follows.

(1) Door

A door may block or allow passage through one area. A door may include adoor frame and a door leaf. A door frame may be a fixed element thatdefines an area where passage is to be blocked or allowed. A door leafis an element having a changing position due to an external force.Depending on the position, a place where passage is blocked or allowedmay be changed. The change in position of the door leaf may have acomprehensive meaning including rotational movement as well as movementof the entire door leaf. In this specification, such a door frame anddoor leaf will be collectively referred to as a door. Accordingly, inthis specification, movement and change in position of a door may referto movement and change in position of a door leaf.

(2) Closing/Opening of Door

The closing of a door may refer to a state in which a door leaf islocated at a position where passage to an area defined by a door frameis blocked, and the opening of a door may refer to a state in which adoor leaf is located at a position where a space for passing through anarea defined by a door frame is secured. A door state change used hereinmay refer to at least one of a change from an open state to a closedstate and a change from a closed state to an open state.

Also, a door closing operation may refer to a process of moving a doorleaf from an open position to a closed position, and a door openingoperation may refer to a process of moving a door leaf from a closedposition to an open position.

Also, in this specification, the opening and closing of a door mayinclude a state in which the door can be opened by an unlockingoperation as well as by a change in state corresponding to movement of adoor leaf or a state in which the door cannot be opened. Accordingly, insome embodiments of the present invention, the closing of a door mayrefer to a state in which the door is locked, and the opening of a doormay refer to a state in which the door is unlocked.

In an embodiment of the present invention, the closing and opening of adoor and the locking and unlocking of a door may be independent of eachother.

For example, even though a door is not closed, an obstacle may beprovided by a locking unit. As another example, even though a door isunlocked, a door leaf may be located at a closed position. Accordingly,a closed state of a door is not necessarily limited to a locked state,and an opened state of a door is not necessarily limited to an unlockedstate.

(3) Locking/Unlocking of Door

Locking and unlocking may relate to whether a door can be opened.

The locking of a door may denote that an external force, an obstacle, orthe like is provided so that the door cannot be opened, and theunlocking of a door may denote that an external force, an obstacle, orthe like that has been provided is removed so that the door can beopened.

Also, a door locking operation may refer to a process of providing anexternal force and/or an obstacle so that a door cannot be opened, and adoor unlocking operation may refer to a process of removing an externalforce and/or an obstacle that has been provided so that a door cannot beopened.

(4) Access

An access may denote that a user passes through a space defined by adoor frame. An access may include an entry in which a user carrying aterminal moves from an outer side to an inner side with respect to adoor and an exit in which a user carrying a terminal moves from an innerside to an outer side with reference to a door.

(5) Inner Side/Outer Side with Respect to Door

An inner side with respect to a door may denote a region in which aperson with no access authority is restricted from entering through thedoor, and an outer side with respect to a door may denote an oppositeside of the inner side with respect to the door. For example, anauthorized user, who has access authority for a specific door, can enterthe inner side from the outer side with respect to the door according toembodiments of the present invention. However, an unauthorized person,who does not have the access authority, cannot enter the inner side fromthe outer side with respect to the door according to embodiments of thepresent invention.

(6) Token

In this specification, a token may be data of a predetermined formatincluding at least some information used in an access control system. Inthis specification, a token may be classified into an authenticationtoken, an update token, and so on depending on its use. Theauthentication token and the update token may have the same type butcontain different information. However, the authentication token and theupdate token need not always have the same format. Depending on theembodiment, the authentication token and the update token may beprovided in different formats. In this specification, the type of tokenmay be classified according to the intended use of the token, such as anauthentication token and an update token, and the format of token may beany format determined by a service provider and may also include formatssuch as JSON Web Token (JWT), Security Assertion Markup Language (SAML),and eXtensible Rights Markup Language (XrML).

(7) User Identification Information

User identification information may be information for an access controlsystem 10000 of the present invention to identify a specified user amonga plurality of users. For example, user identification information maybe identification information uniquely assigned to a user, such as anID.

(8) User Information

User information may be information used to generate the above-describeduser identification information. For example, user information ispersonal information of a user and may be information that is typicallyrequired to authenticate the user such as a resident registrationnumber, a date of birth, an address, an employee identification number,and a phone number.

(9) Terminal Identification Information

Terminal identification information may be information for identifying aspecified user terminal among a plurality of user terminals. Forexample, terminal identification information may include at least one ofa Universal Unique Identifier (UUID), a Unique Identifier (UID), an IPaddress, a MAC address, a CPU (MCU) serial number or HDD serial number,and a communication number of a terminal.

(10) Door Identification Information

Door identifier information may be information for identifying aspecified door among a plurality of doors. For example, dooridentification information may be at least one of identificationinformation assigned to a door and identification information assignedto a door operating device. The door identification information may bestored in a door storage unit. Also, according to some embodiments ofthe present invention, the door authentication information may beincluded in the authentication token.

2. System Configuration

FIG. 1 is a block diagram of an access control system 10000 according toan embodiment of the present invention.

Referring to FIG. 1, the access control system 10000 may include anauthentication server 1000, a terminal 2000, a door operating device3000, a door 4000, and a third-party authentication server 5000.

The authentication server 1000 may be connected to an externalelectronic device. Hereinafter, a specific device being connected toanother device may at least denote that a specific device is at leastphysically, electrically, or communicably connected to another device.In the above example, the authentication server 1000 being connected tothe external electronic device denotes that the authentication server1000 and the external electronic device are communicably connected toeach other. For example, this may mean that the authentication server1000 and the external electronic device can transmit and receive data toand from each other.

According to some embodiments of the present invention, theauthentication server 1000 may be connected to the terminal 2000. Also,according to some embodiments of the present invention, theauthentication server 1000 may be connected to the third-partyauthentication server 5000. Although not shown in FIG. 1, according tosome embodiments of the present invention, the authentication server1000 may be connected to an office-specific electronic device 6000, ahotel controller 7000, or the like. According to an embodiment of thepresent invention, the authentication server 1000 may performauthentication.

The authentication server 1000 may perform authentication on a user ofthe terminal 2000. Alternatively, the authentication server 1000 mayperform authentication on the terminal 2000 itself.

The terminal 2000 may be connected to the authentication server 1000 andthe door operating device 3000. The terminal 2000 may provide datanecessary to register and authenticate the user to the authenticationserver 1000. Also, the terminal 2000 may transmit data necessary to makea request to open a door to the door operating device 3000 and mayacquire data regarding a result of the opening request from the dooroperating device 3000. In addition, the terminal 2000 may transmit andreceive various data to and from the authentication server 1000 and thedoor operating device 3000.

Also, the terminal 2000 may provide an application for performing someembodiments, which will be described below.

Also, the terminal 2000 may be, for example, a smartphone, a tablet, anotebook, a wearable device, etc. As another example, the terminal 2000may be a smart card, an integrated circuit (IC) card, a magnetic card,and a radio frequency (RF) chip.

Also, the terminal 2000 may be classified into a user terminal 2000 aand a manager terminal 2000 b depending on the role.

The door operating device 3000 may control the opening or closing of adoor 4000.

For example, the door operating device 3000 may be installed in the door4000 to control the door 4000 to be locked or unlocked. The dooroperating device 3000 is not necessarily installed in a door and may beselectively provided in various forms. For example, the door operatingdevice 3000 may be installed on a wall adjacent to a door to provide orwithdraw an obstacle to or from the door. Also, when the door 4000 is anautomatic door, the door operating device 3000 may change the locationof a door leaf to open or close the door 4000.

Also, the door 4000 may block or allow passage to one area.

Also, the state of the door 4000 may be changed by the door operatingdevice 3000.

Also, according to some embodiments of the present invention, aplurality of door operating devices 3000 may be connected to each other.For example, as shown in FIG. 1, a first door operating device 3000 aand a second door operating device 3000 b may be connected to eachother. Also, a larger number of door operating devices 3000 than thenumber shown in FIG. 1 may be connected to each other. Also, not all ofthe plurality of door operating devices 3000 are necessarily connectedwith each other, but they may be sequentially connected and provided.For example, the first door operating device 3000 a may be connected tothe second door operating device 3000 b, and the second door operatingdevice 3000 b may be connected to a third door operating device (notshown). Also, depending on the case, the plurality of door operatingdevices 3000 may be connected in parallel to one door operating device3000. The connection between the plurality of door operating devices3000 is not limited to the above examples, and may be selectivelyprovided in various forms.

Also, the connection between the plurality of door operating devices3000 is not essential. According to some embodiments of the presentinvention, the plurality of door operating devices 3000 may not beconnected to each other.

However, the block diagram shown in FIG. 1 is only an example intendedfor convenience of description and is not limited thereto. According tosome embodiments of the present invention, an element may be added tothe block diagram of FIG. 1, and the elements shown in FIG. 1 may beexcluded or subdivided.

FIG. 2 is a block diagram of the authentication server 1000 according toan embodiment of the present invention.

Referring to FIG. 2, the authentication server 1000 may include a servercommunication unit 1100, a server input unit 1200, a server storage unit1300, a server display unit 1400, and a server control unit 1500.

The server communication unit 1100 may connect the authentication server1000 with an external electronic device. That is, the servercommunication unit 1100 may transmit or receive data to or from theexternal electronic device. Also, the server communication unit 1100 maymaintain or release the communication connection to the terminal 2000 ifnecessary. Also, depending on the embodiment, the server communicationunit 1100 may be provided so that the connection to the terminal 2000 ismaintained on a regular basis.

Also, the server communication unit 1100 may be a communication modulefor supporting at least one of a wired communication method and awireless communication method.

The server input unit 1200 may acquire an electric signal correspondingto a user input. For example, the server input unit 1200 may include akeypad, a keyboard, a switch, a button, and a touchscreen.

The server storage unit 1300 may store data.

For example, the server storage unit 1300 may store data acquired fromthe terminal 2000. As another example, the server storage unit 1300 maystore a program necessary to operate the authentication server 1000.

The server display unit 1400 may output visual information.

For example, the server display unit 1400 may be a liquid crystaldisplay (LCD), an organic light-emitting diode (OLED) display, anactive-matrix organic light-emitting diode (AMOLED) device, etc.

The server control unit 1500 may collectively handle the operation ofthe authentication server 1000.

The authentication server 1000 according to the present invention doesnot necessarily have to include all of the above elements, and some ofthe elements may be selectively excluded. For example, when theauthentication server 1000 does not provide direct visual information,the server display unit 1400 may be excluded from the authenticationserver 1000. Also, an element for performing an additional function oroperation may be selectively provided to the authentication server 1000.

FIG. 3 is a block diagram of the terminal 2000 according to anembodiment of the present invention.

Referring to FIG. 3, the terminal 2000 may include a terminalcommunication unit 2100, a terminal display unit 2200, a terminal inputunit 2300, a location information collection unit 2400, a terminalstorage unit 2500, and a terminal control unit 2600.

The terminal communication unit 2100 may connect the terminal to anexternal electronic device. As an example, the terminal communicationunit 2100 may connect a user terminal 2000 a to external electronicdevices such as the authentication server 1000, the door operatingdevice 3000, and the third-party authentication server 5000. Also, theterminal communication unit 2100 may be a communication module forsupporting wired and/or wireless communication.

The terminal display unit 2200 may output visual information.

When the terminal display unit 2200 may be provided as a touch screen,the terminal display unit 2200 may function as the terminal input unit2300. In this case, a separate terminal input unit 2300 may selectivelynot be provided, and a terminal input unit 2300 configured to perform alimited functions using buttons such as a volume control button, a powerbutton, and a home button, may be provided.

The terminal input unit 2300 may acquire a signal corresponding to auser input.

The terminal input unit 2300 may be implemented as, for example, akeyboard, a keypad, a button, a jog dial, or a wheel.

Also, the user input may be, for example, a button press, a touch, or adrag.

When the terminal display unit 2200 may be provided as a touch screen,the terminal display unit 2200 may serve as the terminal input unit2300.

The location information collection unit 2400 may acquire locationinformation used by the terminal 2000 to determine its location. Forexample, the location information collection unit 2400 may be a moduleconfigured to acquire coordinate information for performing locationdetermination such as a GPS module.

The terminal storage unit 2500 may store data.

The terminal storage unit 2500 may be implemented as, for example, aflash memory, a random access memory (RAM), a read-only memory (ROM), asolid-state drive (SSD), a secure digital (SD) card, or an optical disk.

The terminal storage unit 2500 may store data necessary to operate theterminal 2000.

The terminal control unit 2600 may collectively handle the operation ofthe terminal 2000.

FIG. 4 is a block diagram of the door operating device 3000 according toan embodiment of the present invention.

Referring to FIG. 4, the door operating device 3000 may include a doorcommunication unit 3100, a door display unit 3200, a door voice outputunit 3300, a door sensor unit 3400, a door storage unit 3500, a doordriving unit 3600, and a door control unit 3700.

The door communication unit 3100 may be a communication module capableof communicating with an external electronic device.

The door communication unit 3100 may connect the door operating device3000 to the terminal 2000.

The door communication unit 3100 may establish communication in awireless communication method. For example, the door communication unit3100 may be a communication module configured to support wirelessInternet interfaces such as Wireless LAN (WLAN), Wireless Fidelity(WiFi), and WiFi Direct and wireless communication methods such asBluetooth, Bluetooth Low Energy (BLE), and Infrared Data Association(IrDA). Also, the door communication unit 3100 may be a reader capableof reading information from an external electronic device such as an RFreader, an IC reader, and a magnetic reader.

The door display unit 3200 may output visual information.

The door display unit 3200 may output information that will be visuallyprovided to the user. When the door display unit 3200 includes a touchpanel, the door display unit 3200 may operate as a touch input device.

The door voice output unit 3300 may output information that will beauditorily provided to the user.

For example, the door voice output unit 3300 may be a speaker and abuzzer configured to output sound.

The door sensor unit 3400 may acquire an external environment signalrequired by the door operating device 3000. For example, the door sensorunit 3400 may acquire a signal regarding a distance from a user, anobject, or the like. As another example, the door sensor unit 3400 mayacquire a signal necessary to determine the location of a door leaf.

The door storage unit 3500 may store a program for performing a controloperation of the door control unit 3700 and may store data received froman external source, data generated by the door control unit 3700, etc.

The door driving unit 3600 may provide power necessary to lock or unlockthe door leaf. Also, when the door 4000 is implemented as an automaticdoor, the door driving unit 3600 may provide power necessary to open orclose the door leaf.

The door driving unit 3600 may be provided as a motor, a solenoid, or anactuator.

When the door driving unit 3600 provides power necessary to lock orunlock the door leaf, the door driving unit 3600 may provide power sothat a locking unit (not shown) is maintained and/or changed from alocked state to an unlocked state. The locking unit may be provided as,for example, a deadbolt, a latch bolt, or a combination thereof. Also,the locking unit is not limited to the deadbolt and latch bolt that havebeen described as an example, and typical locking units may be used asthe locking unit.

The door control unit 3700 controls the overall operation of the dooroperating device 3000.

The door control unit 3700 may control operations of some elementsincluded in the door operating device 3000. Also, the door control unit3700 may acquire signals from some elements included in the dooroperating device 3000. Also, among steps that will be described in thefollowing methods, the door control unit 3700 may control operations forperforming some steps performed by the door operating device 3000 or mayexecute calculations necessary to perform the steps.

The access control system 10000 associated with various embodiments ofthe present invention, the elements, operations, and terms included inthe access control system 10000, etc. have been described above. Theabove-described access control system 10000, the elements, operations,and terms included in the access control system 10000, etc. will beapplied to various methods and embodiments which will be describedbelow. However, it should be noted that the following access controlsystem 10000 need not necessarily be configured to have theabove-described elements and functions and may be applied even to anaccess control system having a different configuration from theabove-described access control system 10000.

3. Authentication Token and Update Token

Overview of Authentication Token

An authentication token is data that is issued to an issuance target bythe authentication server 1000 and may be data that may be used todetermine authority assigned to the issuance target. Here, the issuancetarget may include at least one of the user and the terminal 2000. Theissuance target may be classified into the user and the terminal 2000,but the authentication token may be issued by transmitting theauthentication token to the terminal 2000.

The authentication token may include various information, andinformation included in the authentication token will be described indetail with reference to FIG. 5.

FIG. 5 is an example diagram of a table indicating a data structure ofinformation included in an authentication token according to anembodiment of the present invention.

Referring to FIG. 5, the authentication token according to someembodiments of the present invention may include at least one ofauthentication information, which indicates the authority assigned tothe issuance target, validity conditions, issuer information, andrecipient information. However, FIG. 5 is just an example intended forconvenience of description, and the authentication token of the presentinvention is not limited thereto. Selectively, some information may beexcluded therefrom, or various additional information may be addedthereto.

Various information that may be included in the authentication tokenwill be described below in detail.

According to some embodiments of the present invention, theauthentication token may include authentication information.

According to some embodiments of the present invention, theauthentication information may be information that is used to determinewhether the issuance target has access authority for a specific dooramong at least one or more doors 4000.

Also, according to some embodiments of the present invention, theauthentication information may be information that is used to determinewhether the issuance target has access authority for a specific spaceamong at least one or more spaces. Thus, when authority for a space isassigned, authority for everything provided in the space may beassigned.

Also, according to some embodiments of the present invention, theauthentication information may be information that is used to determinewhether the issuance target has authority to use a function or anelectronic device. Here, the function relates to a service provided byan electronic device and may include, for example, an e-mail function, aweb surfing function, and functions of using and editing a UniversalSerial Bus (USB) device. Also, when the authority for the function isincluded in the authentication information, the authenticationinformation may be used to determine whether the issuance target hasauthority to view a mail, whether the issuance target has authority tosend a mail, whether the issuance target has authority to use a USBport, or the like. Also, the electronic device may refer to anoffice-specific electronic device such as a personal computer (PC), aprinter, and a facsimile machine, or an electronic device used in ahotel room or a home room such as a lamp, an air conditioner, a heater,and a television.

According to an embodiment, the authentication information may begenerated on the basis of authority that is set for the issuance target.

According to some embodiments of the present invention, theauthentication server 1000 may prestore the authority that is set forthe issuance target. The authentication server 1000 may acquireauthority setting information indicating which authority is set for theissuance target from a manager terminal 2000 b and may set the authorityfor the issuance target on the basis of the acquired authority settinginformation. The authority setting information is not necessarilyacquired through the manager terminal 2000 b, but may be acquired invarious ways depending on the embodiment. For example, theauthentication server 1000 may acquire the authority setting informationfrom a manager through the server input unit 1200.

When the issuance target is a user, the authentication server 1000 mayset authority for each pre-registered user and may store the setauthority. Also, when the issuance target is the terminal 2000, theauthentication server 1000 may set and store authority for eachpre-registered terminal 2000.

The setting of authority does not necessarily have to be performed foreach individual issuance target, but may be selectively performed foreach issuance target group. For example, when issuance targets aregrouped on a grade basis, a first type of authority may be set for allissuance targets grouped as grade A, and a second type of authority maybe set for all issuance targets grouped as grade B.

On the basis of the set authority, authentication information to beincluded in authentication information may be determined.

The authentication information according to some embodiments of thepresent invention may include at least one of information regardingauthority to access a door and information regarding authority to use afunction or an electronic device.

When the authentication information is information regarding authorityto access a door, the authentication information may include at leastone of door identification information and an authority value.

The door identification information may include at least a portion ofdoor identification information included in a pre-stored dooridentification information list.

The authentication information may include authorized dooridentification information. Alternatively, the authenticationinformation may include all door identification information registeredin the authentication server 1000.

The authentication information may include an authority valuecorresponding to the door identification information. The authorityvalue may be classified into a value indicating that authority isassigned and a value indicating that there is no authority. For example,as shown in FIG. 5, the authentication token may include “first door,”which is identification information of a first door, and “1,” which isan authority value indicating that authority for the first door isassigned. As another example, as shown in FIG. 5, the authenticationtoken may include “second door,” which is identification information ofa second door, and “0,” which is an authority value indicating thatthere is no authority.

The authority value of the authentication token according to someembodiments may be omitted. In this case, when a door operating device3000 receives an authentication token, the door operating device 3000may determine whether the authority token has authority on the basis ofwhether identification information of the door operating device 3000 orthe door 4000 is included in the authentication token. For example, whenthe identification information of the door operating device 3000 thathas received the authentication or the identification information of thedoor 4000 is included in the authentication token, the door operatingdevice 3000 may determine that the authentication token has authority.

The authentication information according to some embodiments may beinformation regarding authority to use a function.

The authentication information may include that of an authorizedfunction and electronic device. Alternatively, the authenticationinformation may include that of a function and an electronic deviceregistered in the authentication server 1000.

Even in this case, like the embodiments of the door operating device3000, the authentication information may include identificationinformation for identifying a function and an electronic device. Also,the authentication information may include an authority value indicatingwhether authority for the function and the electronic device is presentor not.

Also, the authentication token may include an authentication validitycondition.

The authentication token may have a limited period of time in which theauthentication token is determined as being valid after being issued. Towhat time point the authentication token is valid may vary depending onthe authentication validity condition.

According to some embodiments of the present invention, whether theauthentication token is valid may be determined by at least one of theterminal 2000 and the door operating device 3000. Also, whether theauthentication token is valid may be determined on the basis of avalidity condition.

Also, the authentication token may further include authentication tokenstate information indicating whether the authentication token is validor has expired. The authentication token state information may bechanged depending on whether the authentication token is valid or hasexpired.

According to some embodiments of the present invention, when it isdetermined that the authentication token has expired, the terminal 2000may set the authentication token state information to expire. Also,according to some embodiments of the present invention, when it isdetermined that the authentication token has expired, the terminal 2000may refuse to transmit the authentication token to the door operatingdevice 3000.

The authentication validity condition of the authentication tokenaccording to some embodiments of the present invention will be describedbelow as an example.

The validity condition of the authentication token is a condition thatis used to determine whether the authentication token is valid, and theauthentication validity condition may include at least one of a validperiod, the location of the user terminal, the number of times of use,and a request from the authentication server. The authenticationvalidity condition may be provided in a combination of variousconditions. In this case, when all the conditions are satisfied, it maybe determined that the authentication token is valid. Alternatively,when at least one of the conditions is satisfied, it may be determinedthat the authentication token is valid,

The validity conditions may be equally applied to all authenticationtokens. Also, depending on the selection, the validity conditions may bedifferently assigned for each issuance target or for each grade.

The validity condition of the authentication token according to someembodiments of the present invention may be a valid period. Here, thevalid period may indicate a predetermined period of time in which theauthentication token can be valid. As an example, the valid period maybe initiated when the token is issued. Also, the predetermined period oftime may be preset by the authentication server.

For example, the authentication token may include a valid periodindicating that the authentication token was valid for six hours fromthe issuance time. The authentication token may include time informationregarding the issuance time and information regarding for how long theauthentication token is valid after the issuance time. An entity fordetermining validity of the authentication token may determine whetherthe authentication token is valid on the basis of whether the validperiod has been exceeded since the issuance time with respect to acurrent time at which whether the authentication token is valid isdetermined. In more detail, it is assumed that the issuance time of theauthentication token is 0:00 am and the validity condition is that acurrent time be within six hours from the issuance time. In this case,when the current time at which whether the authentication token is validis determined is 5:00 am, the door operating device 3000 may determinethat the authentication token is valid. When the current time at whichwhether the authentication token is valid is determined is 7:00 am, thedoor operating device 3000 may determine that the authentication tokenis not valid. Here, the validity determining entity is an element fordetermining whether the authentication token is valid and may be atleast one of the authentication server 1000, the terminal 2000, and thedoor operating device 3000.

As another example, the authentication token may include elapsed timeinformation for determining how much time has passed since the issuancetime. When a value corresponding to the elapsed time informationgradually increases and reaches a threshold indicating expiration, itmay be determined that the authentication token has expired. Dependingon the selection, when the value corresponding to the elapsed timeinformation gradually decreases and reaches a threshold, it may bedetermined that the authentication token has expired.

According to some embodiments of the present invention, the validitycondition of the authentication token may be a location.

When the validity condition is a location, the authentication token maybe valid only at a predetermined location. That is, when the userterminal is outside of the predetermined location, it may be determinedthat the authentication token has expired. When the validity conditionof the authentication token is a location, whether the authenticationtoken is valid may be determined on the basis of location informationacquired from the location information collection unit 2400.

When the determining entity is the authentication server 1000 and thedoor operating device 3000 rather than the terminal 2000, the terminal2000 may provide location information to the determining entity so thatthe determining entity can determine whether the authentication token isvalid on the basis of the location information of the terminal 2000. Thelocation information may be at least one of the location of the terminalat a time point when the authentication token was issued and a currentlocation of the terminal.

For example, when a location range included in the validity condition iswithin 100 m from a company building and a location where theauthentication token is issued is out of the location range included inthe validity condition, the door operating device 3000 may determinethat the authentication token is not valid.

As another example, when a location range included in the validitycondition is within 100 m from a company building, the door operatingdevice 3000 may compare the location information acquired from theterminal 2000 to the location range included in the validity condition.When the acquired location information is out of the location rangeincluded in the validity condition, the door operating device 3000 maydetermine that the authentication token is not valid.

As still another example, when it is determined that the currentlocation information is out of the location range included in thevalidity condition, the terminal 2000 may determine that theauthentication token has expired and may change the state of theauthentication token to an expired state.

The location range included in the validity condition may be differentlyassigned for each issuance target or for each grade.

Also, the predetermined location may refer to one point and also apredetermined region based on a specific location. For example, as shownin FIG. 5, when the validity condition is a location, the validitycondition may include a range of the location information.

According to some embodiments of the present invention, the validitycondition of the authentication token may be the number of times of use.Here, the use of the authentication token may denote that theauthentication token is transmitted to a service provider.Alternatively, the use of the authentication token may denote that theauthentication token is transmitted to a service provider and thenauthority is received. When the validity condition is the number oftimes of use, the authentication token may be valid for only apredetermined number of times of use. That is, when the predeterminednumber of times of use is exceeded or exhausted, it may be determinedthat the authentication token has expired. Also, the authenticationtoken may include information for determining the number of times ofuse. The information for determining the number of times of use does notnecessarily have to be included in the authentication token and may beprovided as separate information.

For example, it is assumed that the number of times of use as thevalidity condition is five. When the authentication token is transmittedto the door operating device 3000 five times, it may be determined thatthe authentication token has expired.

As another example, it is assumed that the validity condition is sevenuses. When the authentication token is transmitted to the door operatingdevice 3000 seven times, it may be determined that the authenticationtoken has expired.

As still another example, it is assumed that the validity condition isthree uses. When the authentication token is transmitted to the dooroperating device 3000, but access authentication fails (for example, arejection message is received three times), it may be determined thatthe authentication token has expired.

According to some embodiments of the present invention, theauthentication token may include access status information.

The access status information may be information for determining whethera user has entered or has exited. Various embodiments associated withthe access status information will be described in detail in section 4.2titled “Access status management method.”

According to some embodiments of the present invention, theauthentication token may include issuer information.

The issuer information may be identification information for identifyingan authentication server 1000 that has issued the authentication token.The issuer information may be identification information for identifyinga service provider that operates the authentication server 1000 that hasissued the authentication token. The issuer information may be used todetermine whether the authentication token is issued from an authorizedissuer.

According to some embodiments of the present invention, theauthentication token may include recipient information.

The authentication token may be issued to at least one of the user andthe terminal 2000.

Accordingly, the recipient information may be information foridentifying who has issued the authentication token. Here, the recipientinformation may include at least one of user identification informationand terminal identification information.

According to some embodiments of the present invention, theauthentication token may include authentication token state information.

The authentication token state information may be information indicatingwhether the authentication token is valid or has expired.

3.2 Issuance of Authentication Token

3.2.1 User Registration (Registration of User and Setting of Authority)

A user registration method according to an embodiment of the presentinvention will be described below with reference to FIG. 6.

The user registration which will be described below is to register, inthe authentication server 1000, at least one of information regarding auser who uses the access control system 10000 and a user terminal 2000 athe user intends to use.

FIG. 6 is a flowchart of the user registration method according to anembodiment of the present invention.

Referring to FIG. 6, the user registration method according to anembodiment of the present invention may include acquiring userinformation (S100), registering the user information (S110), and settingauthority for the user information (S140).

According to some embodiments of the present invention, the registrationof the user information may be performed (S110). The acquisition of theuser information may be an authentication server 1000 acquiring at leastone of user information and terminal identification information.

The authentication server 1000 may acquire the user information invarious ways.

The authentication server 1000 may acquire the user information from auser terminal 2000 a. Also, the authentication server 1000 may acquirethe user information from the third-party authentication server 5000.

When the authentication server 1000 acquires the user information fromthe user terminal 2000 a, the authentication server 1000 may receive andacquire the user information from the user terminal 2000 a. For example,the user terminal 2000 a may receive and acquire user information from auser of the user terminal 2000 a and may transmit the acquired userinformation to the authentication server 1000.

When the authentication server 1000 acquires user information from athird-party authentication server 5000 designated by the user, theauthentication server 1000 may acquire information regarding thethird-party authentication server 5000 to which the user informationwill be provided from the user terminal 2000 a. The authenticationserver 1000 may request the third-party authentication server 5000 toprovide the user information and may acquire the user information.

The above-described user information acquisition is merely an exampleintended for convenience of description, and various typical userinformation provision methods may be used.

Also, according to some embodiments of the present invention, theregistration of the acquired user information may be performed (S110).The registration of the user information may be initiated by theauthentication server 1000. The registration of the user information maybe assigning unique user identification information to an issuancetarget, matching the user identification information to the userinformation, and storing the user identification information matched tothe user information.

The user information assigned to the issuance target registration of theuser information may be arbitrarily determined by the authenticationserver 1000. Also, the authentication server 1000 may assign useridentification information requested by the user terminal 2000 a to theissuance target.

The authentication server 1000 may transmit the user identificationinformation to the user terminal 2000 a so that the user can be aware ofthe user identification information.

Also, the authentication server 1000 may set a security keycorresponding to the user identification information. The security keycorresponding to the user identification information may be acquiredfrom the user terminal 2000 a. Also, the security key corresponding tothe user identification information may be generated and acquired by theauthentication server 1000. When the security key is generated and setby the authentication server 1000, the authentication server 1000 maytransmit the set security key to the user terminal 2000 a so that theuser can be aware of the security key.

Also, according to some embodiments of the present invention, thesetting of authority for the registered user information may beperformed (S130). The setting of authority for the user information maybe initiated by the authentication server 1000.

The setting of authority may be performed on the basis of authoritysetting information as in the above-described overview of theauthentication token.

The authentication server 1000 may store the user information andauthentication information corresponding to the user information.

3.2.2 User Authentication and Token Issuance

A user authentication and token issuance method according to anembodiment of the present invention will be described below withreference to FIG. 7.

FIG. 7 is a flowchart of an authentication token issuance methodaccording to an embodiment of the present invention.

Referring to FIG. 7, the authentication token issuance method mayinclude acquiring authentication token issuance request information(S200), performing user authentication (S210), generating anauthentication token (S220), and transmitting the authentication tokento a user terminal (S230).

According to some embodiments of the present invention, the acquisitionof authentication token issuance request information may be performed(S200). The acquisition of authentication token issuance requestinformation may be an authentication server 1000 acquiring theauthentication token issuance request information from a user terminal2000 a.

The authentication token issuance request information may include useridentification information and a security key.

Accordingly, the authentication server 1000 may acquire the useridentification information and the security key from the user terminal2000 a.

According to some embodiments of the present invention, the userauthentication may be performed (S210).

The authentication server 1000 may determine whether a user of the userterminal 2000 a, which requests an issuance of the authentication token,is authorized.

The authentication server 1000 may determine whether the user isauthorized on the basis of whether the acquired user identificationinformation and the security key corresponding to the useridentification information are valid.

The authentication server 1000 may determine whether the useridentification information acquired from the user terminal 2000 a andthe security key corresponding to the user identification informationare valid.

When the user identification information acquired from the user terminal2000 a is pre-registered, the authentication server 1000 may determinethat the acquired user identification information is valid.

Also, when the acquired security key corresponds to the security keystored and matched to the user identification information, theauthentication server 1000 may determine that the security key is valid.

When the acquired user identification information and security key arevalid, the authentication server 1000 may determine that the user isauthorized.

Also, the authentication server 1000 may acquire at least one of userinformation, user identification information, and a security key fromthe third-party authentication server 5000 to determine whether the useris authorized.

Also, the authentication server 1000 may acquire an authenticationresult from the third-party authentication server 5000 to determinewhether the user is authorized.

When it is determined that the user is not authorized, theauthentication server 1000 may transmit a message indicating that theauthentication has failed to the user terminal 2000 a.

According to some embodiments of the present invention, the generationof an authentication token may be performed (S220).

When the user is authorized, the authentication server 1000 may generatean authentication token to be transmitted to the user terminal 2000 a.The authentication server 1000 may generate the authentication token onthe basis of the authentication information assigned to the useridentification information.

According to some embodiments of the present invention, the transmissionof the authentication token to a user terminal 2000 a may be performed(S230).

The authentication server 1000 may transmit the generated authenticationtoken to the user terminal 2000 a. Also, the authentication server 1000may generate an update token corresponding to the authentication tokenand may transmit the generated update token to the user terminal 2000 a.

3.3 Update of Token

3.3.1 Update Token

As described above, it may be determined whether the authenticationtoken is valid or has expired according to a predetermined condition.

That is, conditions regarding how long or under which condition theauthentication token is valid may be set for the authentication token.When such a validity condition is not satisfied, the authenticationtoken should be updated or reissued.

According to some embodiments of the present invention, the update tokenmay be used to update the authentication token. When or before theauthentication token expires, the update token may be used to update theauthentication token with a new authentication token. When there is noupdate token and the authentication token has expired, authenticationmay have to be regenerated in order to reissue the authentication token.In order to address this inconvenience, a new authentication token maybe issued by means of an update token without separate authenticationwhile the update token is valid, thereby increasing user convenience.

The update token may include update token identification information,update conditions, authentication token identification informationregarding a corresponding authentication token, and a validity conditionof the update token.

The update token identification information may be information foridentifying a plurality of issued update tokens.

The update condition may be a condition for updating the authenticationtoken. The update conditions will be described in detail in section 4.4titled “Update of authentication token.”

The corresponding authentication token identification information may beidentification information of an authentication token to be updatedthrough the update token.

The update token may include a validity condition.

For example, the update token may have a limited period in which theupdate token is issued and determined as being valid. At what point theupdate token is valid may vary depending on the validity condition.

The validity condition of the update token may be an elapsed time sincethe issuance time, the number of updates, a location of the userterminal, a request from the authentication server, etc.

The validity condition of the update token may be applied to thevalidity condition of the authentication token.

According to some embodiments of the present invention, the validitycondition of the update token may be an elapsed time since the issuancetime.

For example, the update token may include a valid period indicating thatthe update token was valid for six hours since the issuance time. Theupdate token may include time information regarding the issuance timeand information regarding for how long the update token is valid afterthe issuance time. An entity for determining validity of the updatetoken may determine whether the update token is valid on the basis ofwhether the valid period has been exceeded since the issuance time withrespect to a current time at which whether the update token is valid isdetermined. In more detail, it is assumed that the issuance time of theupdate token is 0:00 am and the validity condition is that the currenttime is within six hours from the issuance time. In this case, when thecurrent time at which whether the update token is valid is determined is5:00 am, the terminal 2000 may determine that the update token is valid.When the current time at which whether the update token is valid isdetermined is 7:00 am, the terminal 2000 may determine that the updatetoken is not valid. Here, the validity determining entity is an elementfor determining whether the update token is valid and may be at leastone of the authentication server 1000, the terminal 2000, and the dooroperating device 3000.

As another example, the update token may include elapsed timeinformation for determining how much time has passed since the issuancetime. When a value corresponding to the elapsed time informationgradually increases and reaches a threshold indicating expiration, itmay be determined that the update token has expired. Depending on theselection, when the value corresponding to the elapsed time informationgradually decreases and reaches a threshold, it may be determined thatthe update token has expired.

According to some embodiments of the present invention, the validitycondition of the update token may be the number of updates.

For example, it is assumed that the validity condition is five updates.When the update token is transmitted to the authentication server 1000five times, it may be determined that the update token has expired.

As another example, it is assumed that the validity condition is sevenupdates. When the update token is transmitted to the authenticationserver 1000 seven times and thus the authentication token is updatedseven times, it may be determined that the update token has expired.

As still another example, it is assumed that the validity condition isthree updates. When the update token is transmitted to theauthentication server 1000 three times and thus a rejection message isreceived three times, it may be determined that the update token hasexpired. According to some embodiments of the present invention, thevalidity condition of the update token may be a location of the terminal2000.

When the terminal 2000 is placed at a predetermined location, it may bedetermined that the update token is valid. When the terminal 2000 isplaced outside of a predetermined location, it may be determined thatthe updated token is not valid.

When the determining entity is the authentication server 1000 ratherthan the terminal 2000, the terminal 2000 may provide locationinformation to the authentication server 1000 so that the authenticationserver 1000 can determine whether the update token is valid on the basisof the location information of the terminal 2000. The locationinformation may be at least one of the location of the terminal at atime point when the update token was issued and a current location ofthe terminal. The update token is also issued when the authenticationtoken is initially issued. Thus, location information at a time pointwhen the authentication token was issued may be the same as locationinformation at a time point when the update token was issued.Accordingly, the location information at the time point when the updatetoken was issued may be replaced with the location information at thetime point when the authentication token is issued.

For example, when a location range included in the validity condition iswithin 100 m from a company building and a location where the updatetoken is issued is out of the location range included in the validitycondition, the door operating device 3000 may determine that the updatetoken is not valid.

As another example, when a location range included in the validitycondition is within 100 m from a company building, the door operatingdevice 3000 may compare the location information acquired from theterminal 2000 to the location range included in the validity condition.When the acquired location information is out of the location rangeincluded in the validity condition, the door operating device 3000 maydetermine that the update token is not valid.

As still another example, when it is determined that the currentlocation information is out of the location range included in thevalidity condition, the terminal 2000 may determine that the updatetoken has expired and may change the state of the update token to anexpired state. When it is determined that the update token is not valid,the authentication server 1000 may refuse to update the authenticationtoken.

3.3.2 Update of Authentication Token (Embodiment of Update Token)

According to some embodiments of the present invention, theauthentication token may be updated.

The update of the authentication token may denote that a newauthentication token is issued by the authentication server. The newauthentication token may have the same authentication information as apre-issued authentication token. However, when there is a change ofauthority, the new authentication token may have differentauthentication information from the pre-issued authentication token.

Also, the new authentication token may have a different valid periodfrom the pre-issued authentication token.

The terminal 2000 may transmit the update token to the authenticationserver 1000 to make a request to update the authentication token.

The authentication server 1000 may transmit an authentication tokencorresponding to the transmitted update token to the terminal 2000.

According to some embodiments of the present invention, an updatecondition may be set for the update token.

According to some embodiments of the present invention, when theauthentication token has expired, the terminal 2000 may transmit theupdate token to the authentication server 1000 to make a request toupdate the authentication token.

For example, when it is determined that the authentication token hasexpired, the terminal 2000 may transmit the update token to theauthentication server 1000 to make a request to update theauthentication token. As another example, when an expiration messageindicating that the authentication token has expired is received fromthe door operating device 3000, the terminal 2000 may transmit theupdate token to the authentication server 1000 to make a request toupdate the authentication token.

According to some embodiments of the present invention, a predeterminedperiod may be set for the update token as the update condition.

When the predetermined period of time has passed from the issuance timeof the update token, the terminal 2000 may transmit the update token tothe authentication server 1000 to make a request to update theauthentication token.

When the update time is reached, the terminal 2000 may transmit anauthentication token to the authentication server 1000 to make a requestto update the authentication token.

The update token may include information regarding a period of timeremaining until the update time. When the remaining period of timeincluded in the update token is subtracted from the predetermined updatetime, the terminal 2000 may transmit the update token to theauthentication server 1000 to make a request to update theauthentication token.

For example, when 1000 sec is set for the update token as the remainingperiod information, the terminal 2000 may transmit the update token tothe authentication server 1000 at the update time when the timedecreases from 1000 sec to 0 sec in order to make a request to updatethe authentication token.

As another example, when 1000 sec is set for the update token, theterminal 2000 may transmit the update token to the authentication server1000 every 100 seconds to make a request to update the authenticationtoken.

According to some embodiments of the present invention, theauthentication token may be updated after whether to update theauthentication token is determined on the basis of the location.

When the user terminal 2000 enters a predetermined location, the userterminal 2000 may transmit the update token to the authentication server1000 to make a request to update the authentication token.

According to some embodiments of the present invention, theauthentication token may be updated after whether to update theauthentication token is determined on the basis of the user's request.

When a user input for an update request is entered, the terminal 2000may transmit the update token to the authentication server 1000 to makea request to update the authentication token.

According to some embodiments of the present invention, whether theauthentication token is updated may be determined depending on whetherconnection is established between the terminal 2000 and the dooroperating device 3000.

In an embodiment, the authentication token may be updated whencommunication is established between the terminal 2000 and the dooroperating device 3000. In this case, the updated authentication tokenmay be transmitted to the door operating device 3000.

When communication is established with the door operating device 3000,the terminal 2000 may transmit the update token to the authenticationserver 1000 to make a request to update the authentication token.

The terminal 2000 may transmit the updated authentication token to thedoor operating device 3000.

According to some embodiments of the present invention, theauthentication token may be updated when a result obtained bydetermining whether to open the door is received from the door operatingdevice 3000. For example, the terminal 2000 may transmit theauthentication token to the door operating device 3000 to receive aresult obtained by determining whether to open the door.

When the result obtained by determining whether to open the door isreceived from the door operating device 3000, the terminal 2000 maytransmit the update token to the authentication server 1000 in order tomake a request to update the authentication token.

According to some embodiments of the present invention, the update tokenmay be updated according to a predetermined condition. According to someembodiments of the present invention, both of the authentication tokenand the update token may have expired according to the above-describedvalidity conditions. When both the authentication token and the updatetoken have expired, the authentication token and the update token mayhave to be reissued through re-authentication. When both of theauthentication token and the update token have expired, theauthentication server 1000 may perform user authentication and thenissue the authentication token and the update token to the terminal2000.

According to some embodiments of the present invention, the update tokenmay be updated.

When the valid period of the update token is within a predeterminedperiod of time, the update token may be updated.

For example, the authentication server 1000 may acquire the update tokenfrom the terminal 2000 in order to update the authentication token. Inthis case, when a period of time remaining until expiration of theupdate token is within the predetermined period of time, theauthentication server 1000 may update the update token and transmit theupdated update token to the terminal 2000. The update of the updatetoken of the authentication server 1000 may be initializing the periodof time remaining until the expiration.

As another example, when the period remaining until the expiration ofthe update token is within the predetermined period of time, theterminal 2000 may transmit the update token to the authentication server1000 to make a request to update the update token.

According to some embodiments of the present invention, when theterminal 2000 is placed at a predetermined location, the update tokenmay be updated.

According to some embodiments of the present invention, the update tokenmay be updated after whether to update the update token is determined onthe basis of the user's request.

When a user input for making a request to update the update token isentered, the terminal 2000 may transmit the update token to theauthentication server 1000 to make a request to update theauthentication token.

The authentication server 1000 may determine whether the transmittedupdate token is valid. When the update token is valid, theauthentication server 1000 may transmit an authentication tokencorresponding to the update token to the terminal 2000. Also, when thetransmitted update token is not valid, the authentication server 1000may determine that the update is not possible and may transmit a messageindicating that the update is not possible to the terminal 2000.

The authentication server 1000 may determine whether the update token isvalid on the basis of an elapsed time since the issuance time, alocation of the terminal 2000, the number of times the update token isupdated, and so on.

Also, the authentication server 1000 may acquire the locationinformation of the terminal 2000 from the terminal 2000 in order todetermine whether the update token is valid on the basis of the locationof the terminal 2000.

4. Utilization of Authentication Token

The access control system 10000 of the present invention may performvarious operations by using the acquired authentication token.

Various sub-embodiments of the access control system 10000 will bedescribed below in more detail.

However, for convenience of description, a process after the userterminal 2000 a acquires the authentication token from theauthentication server 1000 will be described below. The process in whichthe user terminal 2000 a acquires the authentication token from theauthentication server 1000 has been described in section 3 titled“Authentication token and update token,” and thus a detailed descriptionthereof will be omitted.

4.1. Door Opening Management Method

A conventional access control system includes an access control serverand an access control device. When a user requests an access, the accesscontrol server and the access control device are systematically linkedto determine whether to allow the access.

Such a conventional system may determine whether to allow an access onlywhen the access control server and the access control device are able tocommunicate with each other and also perform their respective roles.Accordingly, when the access control server is disabled or when aproblem arises in communication between the access control server andthe access control device, a user access cannot be allowed.

A door opening control method according to an embodiment of the presentinvention will be described below with reference to FIGS. 8 and 9.

FIG. 8 is a surrounding view of the door opening control methodaccording to an embodiment of the present invention.

As illustratively shown in FIG. 8, according to the door opening controlmethod according to an embodiment of the present invention, a userterminal 2000 a transmits an authentication token to a door operatingdevice 3000, and the door operating device 3000 determines whether toopen a door 4000 on the basis of the authentication token and opens thedoor 4000 when the authentication token has authority to open the door4000. Thus, a user of the user terminal 2000 a may access the door 4000.

As described in section 3 titled “Authentication token and updatetoken,” the user terminal 2000 a acquires the authentication token bythe authentication server issuing the authentication token to the userterminal 2000 a.

In the door opening control method according to an embodiment of thepresent invention, the authentication server 1000 may not be involved ina series of processes in which the user terminal 2000 a makes a requestto open the door by means of the authentication token and the dooroperating device 3000 determines whether to open the door.

Accordingly, the door opening control method according to an embodimentof the present invention, unlike the conventional access control system,may allow an access without any problem when an authentication token isvalid even though the authentication token is disabled.

The basic concept of the door opening control method according to anembodiment of the present invention may be applied to the followingvarious embodiments.

A door opening control method according to a first sub-embodiment of thepresent invention will be described below with reference to FIG. 9.

FIG. 9 is a flowchart of a door opening control method according to anembodiment of the present invention.

Referring to FIG. 9, the door opening control method may include a userterminal 2000 a transmitting an authentication token to a first dooroperating device 3000 a (S300), the first door operating device 3000 adetermining whether to open a door (S310), the first door operatingdevice 3000 a transmitting a result of the determination for the opening(S320), the first door operating device 3000 a opening the door (S330),the user terminal 2000 a transmitting the authentication token to asecond door operating device 3000 b (S340), the second door operatingdevice 3000 b determining whether to open the door (S350), the seconddoor operating device 3000 b transmitting the opening determinationresult (S360), and the second door operating device 3000 b opening thedoor (S370).

According to some embodiments of the present invention, the transmissionof an authentication token to the first door operating device 3000 a maybe performed by the user terminal 2000 a (S300).

When communication with the first door operating device 3000 a isestablished, the user terminal 2000 a may transmit a prestoredauthentication token to the first door operating device 3000 a. As anexample, the user terminal 2000 a may automatically transmit a prestoredauthentication token to the first door operating device 3000 a eventhough there is no separate user request.

Alternatively, the user terminal 2000 a may transmit a prestoredauthentication token to the first door operating device 3000 a when auser request is input. For example, the user terminal 2000 a may informa user that the communication with the first door operating device 3000a has been established. When an authentication token transmissionrequest is input from the user while the communication with the firstdoor operating device 3000 a is established, the user terminal 2000 amay transmit an authentication token to the first door operating device3000 a. As another example, when the communication with the first dooroperating device 3000 a is established while an authentication tokentransmission request is input from the user, the user terminal 2000 amay transmit a prestored authentication token to the first dooroperating device 3000 a. However, in order to determine the user'scancellation intent due to a false input and a change in situation, whenthe user terminal 2000 a is not connected to the first door operatingdevice 3000 a within a predetermined amount of time from a time when theauthentication token transmission request is input, the user terminal2000 a may determine that the user has a cancellation intent and maycancel the authentication token transmission request. When theauthentication token transmission request is cancelled, the userterminal 2000 a may not transmit a prestored authentication token to thefirst door operating device 3000 a even though the user terminal 2000 ais connected to the first door operating device 3000 a.

The above-described prestored authentication token to be transmitted mayrefer to at least one authentication token stored in the user terminal2000 a.

When the valid authentication token is present among prestoredauthentication tokens, the user terminal 2000 a may transmit noauthentication token to the first door operating device 3000 a.

Also, according to some embodiments of the present invention, thedetermination of whether to open a door may be performed by the firstdoor operating device 3000 a (S310).

The determination of whether to open a door may be performed on thebasis of authority included in authentication information.

The authority determination of the door operating device 3000 may beprovided in various ways.

A first way may be determining authority when the authentication tokenincludes door identification information of a door to which theauthority is assigned.

In the first way, the first door operating device 3000 a may determinewhether door identification information corresponding to the first dooroperating device 3000 a is included in the authentication token. Thefirst door operating device 3000 a may determine whether theauthentication token has authority when the door identificationinformation corresponding to the first door operating device 3000 a isincluded in the authentication token.

A second way may be determining authority when the authentication tokenincludes at least one of authorized door identification information andunauthorized door identification information and also includesauthentication information therefor.

In the second way, the first door operating device 3000 a may determinewhether authority for a door corresponding to the first door operatingdevice 3000 a is included in the authentication token.

The first door operating device 3000 a may determine whether first dooridentification information corresponding to the first door operatingdevice 3000 a is included in the authentication token. Also, the firstdoor operating device 3000 a may determine whether authoritycorresponding to the first door identification information is authorityto pass through the door.

Also, the first door operating device 3000 a may determine whether toopen the door in further consideration of whether the authenticationtoken is valid. When a valid period included in the authentication tokenhas expired, the first door operating device 3000 a may determine thatthe authentication token is not authorized to open the door.

Also, according to some embodiments of the present invention, thetransmission of a result of the determination for the opening may beperformed by the first door operating device 3000 a (S320).

The first door operating device 3000 a may transmit the openingdetermination result to the user terminal 2000 a.

When the opening determination result is that the authentication tokenhas authority to open the door 4000, the first door operating device3000 a may transmit permission information indicating that it has beendetermined that the authentication token has authority to the userterminal 2000 a. Also, the first door operating device 3000 a may issuea notification that it has been determined that the authentication tokenhas authority by outputting at least one of auditory information andvisual information through a separate output unit.

Also, when the opening determination result is that the authenticationtoken is not authorized to open the door 4000, the first door operatingdevice 3000 a may transmit a message indicating that the opening of thedoor 4000 is not allowed to the user terminal 2000 a.

The step S320 described above is not necessarily essential and may beomitted according to some embodiments. Also, the step S320 is notnecessarily preceded by the step S330 and may be performed during orafter the step S330 according to some embodiments.

Also, according to some embodiments of the present invention, theopening of the door may be performed by the first door operating device3000 a (S330).

When it is determined that the authentication token includes authorityto open the door 4000, the first door operating device 3000 a mayprovide power through a door driving unit 3600 so that the door leaf canbe unlocked. Also, when the door 4000 is an automatic door, the firstdoor operating device 3000 a may provide power through the door drivingunit 3600 so that the door leaf can be opened.

After the door leaf is unlocked, the first door operating device 3000 amay provide power through the door driving unit 3600 so that the doorleaf is locked on the basis of a locking condition. The first dooroperating device 3000 a may determine whether the door leaf is closedagain on the basis of a signal acquired from a door sensor unit 3400.When the door leaf is closed again, the first door operating device 3000a may provide power through the door driving unit 3600 so that the doorleaf can be locked. Also, the first door operating device 3000 a mayprovide power through the door driving unit 3600 in furtherconsideration of a locking standby time so that the door leaf can belocked after the locking standby time even though the door leaf isclosed again.

Also, according to some embodiments of the present invention, thetransmission of an authentication token to a second door operatingdevice 3000 b may be performed by the user terminal 2000 a (S340).

When communication with the second door operating device 3000 b isestablished, the user terminal 2000 a may transmit a prestoredauthentication token to the second door operating device 3000 b.

Also, according to some embodiments of the present invention, thedetermination of whether to open the door may be performed by the seconddoor operating device 3000 b (S350).

The second door operating device 3000 b may determine whether dooridentification information corresponding to the second door operatingdevice 3000 b is included in the authentication token. When the dooridentification information corresponding to the second door operatingdevice 3000 b is included in the authentication token, the second dooroperating device 3000 b may determine whether the authentication tokenhas authority to open the door 4000.

The second door operating device 3000 b may determine whether authorityto open the door 4000 corresponding to the second door operating device3000 b is included in the authentication token.

The second door operating device 3000 b may determine whether seconddoor identification information corresponding to the second dooroperating device 3000 b is included in the authentication token. Also,the second door operating device 3000 b may determine whether authoritycorresponding to the second door identification information is authorityto open the door 4000.

Also, according to some embodiments of the present invention, thetransmission of the opening determination result may be performed by thesecond door operating device 3000 b (S360).

The second door operating device 3000 b may transmit the result of thedetermination for the opening to the user terminal 2000 a.

When the result of the determination for the opening is that theauthentication token has authority to open the door 4000, the seconddoor operating device 3000 b may transmit permission informationindicating that it has been determined that the authentication token hasauthority to open the door 4000 to the user terminal 2000 a. Also, thesecond door operating device 3000 b may inform that it has beendetermined that the authentication token has authority to open the door4000 by outputting at least one of auditory information and visualinformation through a separate output unit.

Also, when the opening determination result is that the authenticationtoken is not authorized to open the door 4000, the second door operatingdevice 3000 b may transmit a message indicating that the opening of thedoor 4000 is not allowed to the user terminal 2000 a.

Also, according to some embodiments of the present invention, theopening of the door may be performed by the second door operating device3000 b (S370).

When it is determined that the authentication token includes authorityto open the door 4000, the second door operating device 3000 b mayprovide power through the door driving unit 3600 so that the door leafcan be unlocked. Also, when the door 4000 is an automatic door, thesecond door operating device 3000 b may provide power through the doordriving unit 3600 so that the door leaf can be opened.

After the door leaf is unlocked, the second door operating device 3000 bmay provide power through the door driving unit 3600 so that the doorleaf is locked on the basis of a locking condition. The second dooroperating device 3000 b may determine whether the door leaf is closedagain on the basis of a signal acquired from the door sensor unit 3400.When the door leaf is closed again, the second door operating device3000 b may provide power through the door driving unit 3600 so that thedoor leaf can be locked. Also, the second door operating device 3000 bmay provide power through the door driving unit 3600 in furtherconsideration of a locking standby time so that the door leaf can belocked after the locking standby time even though the door leaf has beenclosed again.

Accordingly, for the access request and the permission according to thefirst sub-embodiment of the present invention, the user terminal 2000 amay open the door 4000 to which the authority is assigned by using theauthentication token acquired from the authentication server 1000. Thus,when the prestored authentication token is valid, the user terminal 2000a does not perform additional authentication with the authenticationserver 1000, and the user may freely access a door to which theauthority is assigned among a plurality of doors 4000.

4.2. Access Status Management Method

An access status management method according to an embodiment of thepresent invention will be described below with reference to FIGS. 10 to17.

While the access status management method according to an embodiment ofthe present invention is described below, contents the same as those ofthe door opening control method according to an embodiment of thepresent invention, for example the opening of the door, will be omittedor briefly described.

FIG. 10 is a surrounding view of the access status management methodaccording to an embodiment of the present invention.

As shown in FIG. 10, a first door communication unit 3110 may beprovided at an inner side with respect to a door 4000, and a second doorcommunication unit 3120 may be provided at an outer side with respect tothe door 4000.

Also, shown in FIG. 10, the first door communication unit 3110 and thesecond door communication unit 3120 may be connected to a door controlunit 3700.

The arrangement environment of the first door communication unit 3110and the second door communication unit 3120 shown in FIG. 10 are onlyexamples for convenience of description, and the present invention isnot limited thereto. Depending on the selection, the locations of thefirst door communication unit 3110 and the second door communicationunit 3120 may be changed, only one of the first door communication unit3110 and the second door communication unit 3120 may be provided, andalso an additional element such as a third door communication unit maybe further provided.

Also, depending on the operating environment, separate door operatingdevices 3000 may be provided at the inner side and the outer side. Forexample, the first door operating device 3000 a may be provided at theouter side, and the second door operating device 3000 b may be providedat the inner side.

Also, depending on the operating environment, a single doorcommunication unit 3100 that is responsible for the inner side and theouter side may be provided. In this case, the door communication unit3100 may detect a distance from the user terminal 2000 a and a directionof the user terminal 2000 a to determine whether the user enters theinner side from the outer side or exits the inner side to the outerside.

For convenience of description, the access status management method ofthe present invention and its modifications will be described below withreference to the installation environment of FIG. 10.

In the following description with reference to FIG. 10, management ofwhether an authorized user uses the access control system may be a veryimportant issue.

For example, when a plurality of users intend to pass through a door4000 in an automated access control system, a user of a first userterminal 2000 a′ may be authorized by using an authentication token andthen may pass through the door 4000, but a user of a second userterminal 2000 a″ may pass through the door 4000 that is opened by theuser of the first user terminal 2000 a′ without determination of accessauthority. In this case, a history of the user of the second userterminal 2000 a″ passing through the door 4000 may not be managed.

In order for the access status management method according to anembodiment of the present invention to prevent such a problem, accessstatus information may be additionally included, and thus it is possibleto determine whether there is an abnormal access on the basis of theaccess status information and also possible to refuse the abnormalaccess. For example, when a user passes through the door by means ofaccess authentication, the user's access status is changed from an entrystate to an exit state. When the user intends to exit, the dooroperating device 3000 may open the door 4000 so that the user can passas long as the user has authority because the access status of the useris normal.

On the other hand, when a user has passed without access authentication,the user's access status is maintained at the entry state. When the userintends to exit, the door operating device 3000 may refuse to open thedoor 4000 even though the user is authorized because the access statusis not normal. According to some embodiments of the present invention,the user has to request the authentication server 1000 to reissue theaccess status, and thus it is possible for the authentication server1000 to independently manage the access status.

The access status management method according to an embodiment of thepresent invention and its modifications will be described below withreference to FIGS. 11 to 17.

FIG. 11 is a flowchart showing an access status management methodaccording to an embodiment of the present invention.

Referring to FIG. 11, the access status management method may includetransmitting an authentication token and access status information(S400), determining whether to open a door (S410), changing the accessstatus information (S420), transmitting the changed access statusinformation (S430), opening the door (S440), and transmitting arejection message (S450).

According to some embodiments of the present invention, the transmissionof authentication token and first access status information to a firstdoor communication unit 3110 may be performed by a user terminal 2000 a(S400).

When communication is established between the user terminal 2000 a andthe first door communication unit 3110, the user terminal 2000 a maytransmit a prestored authentication token and first access statusinformation to the first door communication unit 3110. The communicationbeing established between the user terminal 2000 a and the first doorcommunication unit 3110 may denote that the user terminal 2000 aestablishes communication with the door operating device 3000.

The user terminal 2000 a may automatically transmit the prestoredauthentication token and the first access status information to thefirst door communication unit 3110 even without a separate user request.

Alternatively, the user terminal 2000 a may transmit the prestoredauthentication token and the first access status information to thefirst door communication unit 3110 even when a user request is input.For example, the user terminal 2000 a may issue a notification that thecommunication with the first door communication unit 3110 has beenestablished. When an authentication token transmission request is inputfrom the user while the communication with the first door communicationunit 3110 is established, the user terminal 2000 a may transmit theprestored authentication token and the first access status informationto the first door communication unit 3110. As another example, when thecommunication with the first door communication unit 3110 is establishedwhile the authentication token transmission request is input from theuser, the user terminal 2000 a may transmit the prestored authenticationtoken and the first access status information to the first doorcommunication unit 3110. However, in order to determine the user'scancellation intent due to a false input and a change in situation, whenthe user terminal 2000 a is not connected to the first doorcommunication unit 3110 within a predetermined amount time from a timewhen the authentication token transmission request is input, the userterminal 2000 a may determine that the user has a cancellation intentand may cancel the authentication token transmission request. When theauthentication token transmission request is cancelled, the userterminal 2000 a may not transmit a prestored authentication token to thefirst door communication unit 3110 even though the user terminal 2000 ais connected to the first door communication unit 3110.

The above-described prestored authentication token to be transmitted mayrefer to at least one authentication token stored in the user terminal2000 a.

Also, according to some embodiments of the present invention, thedetermination of whether to open a door may be performed (S410).

The door control unit 3700 may acquire the authentication token and theaccess status information through the first door communication unit3110.

The door control unit 3700 may determine whether to open a door on thebasis of the access status information and authority included in theauthentication token.

The door control unit 3700 may determine whether door identificationinformation corresponding to the door operating device 3000 and/or thedoor 4000 is included in the authentication token. When the dooridentification information corresponding to the door operating device3000 and/or the door 4000 is included in the authentication token, thedoor control unit 3700 may determine that the authentication hasauthority.

The door control unit 3700 may determine whether the authenticationtoken has authority in consideration of the door identificationinformation and an authority value.

The door control unit 3700 may determine whether door authoritycorresponding to the door operating device 3000 and/or the door 4000 isincluded in the authentication token.

The door control unit 3700 may determine whether door identificationinformation corresponding to the door operating device 3000 and/or thedoor 4000 is included in the authentication token. Also, the doorcontrol unit 3700 may determine whether authority included inauthentication information corresponding to the door identificationinformation is authority to pass through the door.

The door control unit 3700 may determine whether access statusinformation included in the authentication information is normal.

In an embodiment, the door control unit 3700 may determine whether anaccess status included in the access status information is a statecorresponding to the first door communication unit 3110.

When the authentication token is authorized and also the access statusinformation included in the authentication information corresponds tothe first door communication unit 3110, the door control unit 3700 maydetermine that the door will be opened. For example, when the accessstatus information indicates an entry state while the first doorcommunication unit 3110 is installed at the outer side with respect tothe door, the door control unit 3700 may determine that the accessstatus information corresponds to the first door communication unit3110.

The door control unit 3700 may determine whether to open the door on thebasis of various additional determination criteria, in addition to theauthority determination based on the authentication token and alsowhether the access status information is normal.

According to some embodiments of the present invention, the door controlunit 3700 may determine whether to open the door in furtherconsideration of the number of users who are allowed to enter a space.

The door control unit 3700 may calculate the current number of users whohave entered the space. The door control unit 3700 may calculate thecurrent number of users who have entered, which is equal to the numberof users who have entered minus the number of users who have exited. Forexample, the door control unit 3700 may calculate the number of userswho have entered by subtracting the number of users having an accessstatus of an exit state when the door is opened from the number of usershaving an access status of as entry state when the door is opened.

When the number of users who have entered is greater than or equal to apredetermined maximum number of allowable users, the door control unit3700 may determine that the opening of the door is not allowed.

Also, according to some embodiments of the present invention, the changeof the access status information may be performed (S420).

When it is determined the door will be opened, the door control unit3700 may change the access status information.

For example, when authority to pass through the door is included in theauthentication token and it is determined that the access statusinformation is normal, the door control unit 3700 may change the accessstatus information. As a more detailed example, when the access statusinformation indicates an entry state, the door control unit 3700 maychange the access status information to an exit state.

Also, according to some embodiments of the present invention, thetransmission of the changed access status information may be performed(S430).

The door control unit 3700 may execute control so that the access statusinformation can be transmitted to the user terminal 2000 a.

Also, the door control unit 3700 may execute control so that the openingdetermination result can be transmitted to the user terminal 2000 a.

When the result of the authority determination is that theauthentication has authority, the door control unit 3700 may transmitpermission information indicating that it has been determined that theauthentication token has authority to the user terminal 2000 a. Also,the door control unit 3700 may inform that it has been determined thatthe authentication token has authority by outputting at least one ofauditory information and visual information through a separate outputunit.

Also, when the result of the determination for the opening is that theauthentication token has no authority to open the door 4000, the doorcontrol unit 3700 may execute control so that a message indicating thatthe opening of the door 4000 is not allowed can be transmitted to theuser terminal 2000 a.

Also, according to some embodiments of the present invention, theopening of the door may be performed (S440).

When it is determined that the authentication token includes authorityto open the door 4000, the door control unit 3700 may control the doordriving unit 3600 so that the door leaf can be unlocked.

The door driving unit 3600 may provide power so that the door leaf canbe unlocked. Also, when the door 4000 is an automatic door, the doorcontrol unit 3700 may control the door driving unit 3600 so that thedoor leaf can be opened. In this case, the door driving unit 3600 mayprovide power so that the door leaf can be opened.

After the door leaf is unlocked, the door control unit 3700 may controlthe door driving unit 3600 so that the door leaf can be locked on thebasis of a locking condition. The door control unit 3700 may determinewhether the door leaf is closed again on the basis of a signal acquiredfrom a door sensor unit 3400. When the door leaf is closed again, thedoor control unit 3700 may control the door driving unit 3600 to providepower so that the door leaf can be locked. Also, the door control unit3700 may control the door driving unit 3600 in further consideration ofa locking standby time so that the door leaf can be locked after thelocking standby time even though the door leaf has been closed again.

Also, according to some embodiments of the present invention, thetransmission of a rejection message may be performed when a result ofdetermining whether to open the door indicates rejection (S450).

The door control unit 3700 may execute control so that an openingrejection message can be transmitted to the user terminal 2000 a whenthe result of determining whether to open the door indicates rejection.

The opening rejection message may be a message indicating that theopening of the door is not allowed.

The opening rejection message may additionally include an openingrejection reason. For example, the opening rejection message may includeopening rejection reasons such as no authority, an invalidauthentication token, an expired authentication token, an abnormalaccess status, and the maximum allowable number of users having beenexceeded.

In the above-described access status management method according to anembodiment of the present invention, the user terminal 2000 a mayprovide unchanged access status information to the door operating device3000, and the door operating device 3000 may determine whether to openthe door and open the door when it is determined that the door will beopened. In this case, when the user terminal 2000 a may transmit changedaccess status information to the first door communication unit 3110without passing through the opened door, the door control unit 3700 mayrefuse to open the door, unlike in the case where the opening of thedoor is allowed on the basis of the unchanged access status information.

Also, for convenience of description, the authentication token beingtransmitted through the first door communication unit 3110 has beendescribed on with an assumed entry state, but the present invention isnot limited thereto and may be implemented in various ways depending onthe installation environment. For example, during the exit state, theaccess status management method may be performed by transmitting theauthentication token through the second door communication unit 3120.

The access state management method according to an embodiment of thepresent invention may be variously modified and provided.

Modifications of the access status management method will be describedbelow with reference to FIGS. 12 to 17.

While the modifications of the access status management method aredescribed below, the same numerals will be used for elements and stepsthe same as those of the above-described access status managementmethod, and steps the same as those of the above-described access statusmanagement method will be omitted.

4.2.1. Access Status Management Method—First Modification

FIG. 12 is a sequence chart showing the first modification of the accessstatus management method according to an embodiment of the presentinvention.

Referring to FIG. 12, the first modification of the access statusmanagement method may include transmitting an authentication token(S400), determining whether to open a door (S410), transmitting openingdetermination result information (S500), opening the door (S440), makinga request to update access status information (S510), an authenticationserver 1000 changing the access status information (S520), andtransmitting the updated access status information (S530).

According to some embodiments of the present invention, the transmissionof an authentication token to a first door communication unit 3110 maybe performed by a user terminal 2000 a (S400).

Also, according to some embodiments of the present invention, thedetermination of whether to open a door may be performed by the doorcontrol unit 3700 (S410).

Also, according to some embodiments of the present invention, theexecution of control so that opening determination result informationcan be transmitted may be performed by the door control unit 3700(S500).

When it is determined that authority is included in the authenticationtoken and the access status is normal, the door control unit 3700 mayexecute control so that information indicating that it is permitted toopen the door can be transmitted to the user terminal 2000 a.

Alternatively, when it is determined that authority is not included inthe authentication token or the access status is not normal, the doorcontrol unit 3700 may execute control so that information indicatingthat the opening of the door has been rejected can be transmitted to theuser terminal 2000 a.

Also, the door control unit 3700 may execute control so that the accessstatus information can be transmitted to the user terminal 2000 a.

Also, the door control unit 3700 may execute control so that theauthentication token can be transmitted to the user terminal 2000 a.

Also, according to some embodiments of the present invention, theopening of the door may be performed (S440).

Also, according to some embodiments of the present invention, the userterminal 2000 a may request the authentication server 1000 to update theaccess status information (S510).

When the user terminal 2000 a receives information indicating that it ispermitted to open the door from the door operating device 3000, the userterminal 2000 a may request the authentication server 1000 to update theaccess status information.

The user terminal 2000 a may transmit identification information of thedoor which is allowed to be open, information indicating that theopening of the door is allowed, and the access status information to theauthentication server 1000 in order to request the authentication server1000 to update the access state information.

Also, according to some embodiments of the present invention, theauthentication server 1000 may change an access status of the receivedaccess status information (S520).

The authentication server 1000 may update the access state included inthe received access status information.

The authentication server 1000 may transmit the updated access status tothe user terminal 2000 a. For example, when the access status indicatesan entry state, the authentication server 1000 may update the accessstatus with an exit state. As another example, when the access statusindicates an exit state, the authentication server 1000 may update theaccess status with an entry state.

Also, according to some embodiments of the present invention, theauthentication server 1000 may transmit the updated access statusinformation to the user terminal 2000 a (S530).

Depending on the situation, various additional functions may be added tothe above-described first modification of the access status managementmethod. The first modification of the access status management methodmay determine whether a user has entered a specific space on the basisof identification information of a door that is allowed to be opened,which is acquired from the user terminal 2000 a.

According to some embodiments of the present invention, theauthentication server 1000 may determine whether all users have beenevacuated to an assembly point upon occurrence of an emergency such as afire. The authentication server 1000 may determine whether a user hasentered a predetermined assembly point on the basis of theidentification information of the door that is allowed to be opened,which is acquired from the user terminal 2000 a.

Also, the authentication server 1000 may transmit an evacuationnotification to a user terminal 2000 a of a user who has not entered thepredetermined assembly point among users who are registered or users whoreceive the authentication token. Also, the authentication server 1000may transmit information for providing guidance to the location of thepredetermined assembly point to a user terminal 2000 a of a user who hasnot entered the predetermined assembly point among users who areregistered or users who receive the authentication token.

4.2.2. Access Status Management Method—Second Modification

FIG. 13 is a sequence chart showing the second modification of theaccess status management method according to an embodiment of thepresent invention.

Referring to FIG. 13, the second modification of the access statusmanagement method may include transmitting an authentication token(S400), determining whether to open a door (S410), transmitting openingdetermination result information (S500), making a request to updateaccess status information (S510), an authentication server 1000 changinga timestamp record and access status information (S520), transmittingthe updated access status information (S530), transmitting a timestamp(S540), checking the timestamp (S550), and opening the door (S440).

According to some embodiments of the present invention, anauthentication token may be transmitted (S400).

According to some embodiments of the present invention, thedetermination of whether to open a door may be performed (S410).

According to some embodiments of the present invention, the transmissionof opening determination result information may be performed (S500).

According to some embodiments of the present invention, the making of arequest to update access status information may be performed (S510).

According to some embodiments of the present invention, the change of atimestamp record and access status information may be performed by theauthentication server 1000 (S520).

The authentication server 1000 may record a timestamp to at least one ofthe authentication token and access status information.

The authentication server 1000 may record a timestamp on the basis of atleast one of a time at which information indicating that the door isallowed to be opened is acquired, a time at which access statusinformation of which updating is requested, and a current time.

According to some embodiments of the present invention, the transmissionof the updated access status information may be performed (S530).

The authentication server 1000 may transmit the updated access statusinformation to the user terminal 2000 a. Also, when the authenticationtoken is acquired from the user terminal 2000 a, the authenticationserver 1000 may transmit the authentication token to the user terminal2000 a. Also, when the timestamp is recorded to the authenticationtoken, the authentication server 1000 may transmit the updatedauthentication token to which the timestamp is recorded to the userterminal 2000 a.

Also, the authentication server 1000 may transmit the access statusinformation and the timestamp separately and independently.

According to some embodiments of the present invention, the transmissionof a timestamp may be performed (S540).

The user terminal 2000 a may transmit the timestamp to a door operatingdevice 3000. For example, as shown in FIG. 13, the user terminal 2000 amay transmit the timestamp to a first door communication unit 3110.

The user terminal 2000 a may transmit an independently providedtimestamp to the door operating device 3000.

Alternatively, when the timestamp is included in the access statusinformation, the user terminal 2000 a may transmit the access statusinformation to the door operating device 3000 to transmit the timestampto the door operating device 3000.

Alternatively, when the timestamp is included in the authenticationtoken, the user terminal 2000 a may transmit the authentication token tothe door operating device 3000 to transmit the timestamp to the dooroperating device 3000.

According to some embodiments of the present invention, the checking ofthe timestamp may be performed (S550).

A door control unit 3700 may check the timestamp.

The door control unit 3700 may check whether the timestamp has beenacquired from the user terminal 2000 a. For example, the door controlunit 3700 may check whether an independent timestamp has been acquiredfrom the user terminal 2000 a. As another example, the door control unit3700 may check whether the timestamp is included in at least one of theauthentication token and the access status information acquired from theuser terminal 2000 a.

The door control unit 3700 may check whether the period of the timestampis valid.

For example, the door control unit 3700 may check whether the time ofthe timestamp is a time at which or after which the openingdetermination result was transmitted. When the time of the timestamp isa time at which or after which the opening determination result wastransmitted, the door control unit 3700 may determine whether the timeof the timestamp is valid.

When a result of checking the timestamp is that there is no error, thedoor control unit 3700 may execute control so that the door can beopened.

According to some embodiments of the present invention, the opening ofthe door may be performed (S440).

The above-described timestamp may be modified in various forms. Forexample, the timestamp may be provided as a certificate, an electronicsignature, a security key, or the like.

4.2.3. Access Status Management Method—Third Modification

FIG. 14 is a sequence chart showing the third modification of the accessstatus management method according to an embodiment of the presentinvention.

Referring to FIG. 14, the third modification of the access statusmanagement method may include transmitting an authentication token(S400), determining whether to open a door (S410), transmitting a resultof the determination for the opening by a door operating device 3000(S500), opening the door (S440), and a user terminal 2000 a changingaccess status information (S600).

According to some embodiments of the present invention, the transmissionof an authentication token to a first door communication unit 3110 maybe performed by the user terminal 2000 a (S400).

Also, according to some embodiments of the present invention, thedetermination of whether to open a door may be performed (S410).

Also, according to some embodiments of the present invention, thetransmission of a result of the determination for the opening may beperformed (S500).

The door control unit 3700 may execute control so that informationindicating that the door is allowed to be opened can be transmitted tothe user terminal 2000 a.

Alternatively, the door control unit 3700 may execute control so thatinformation indicating that the opening of the door has been rejectedcan be transmitted.

Also, the door control unit 3700 may execute control so that the accessstatus information can be transmitted to the user terminal 2000 a.

Also, according to some embodiments of the present invention, theopening of the door may be performed (S440).

Also, according to some embodiments of the present invention, the updateof an access status may be performed by the user terminal 2000 a (S600).

The user terminal 2000 a may receive access status information andupdate the received access status information.

The user terminal 2000 a may update the received access statusinformation and store the updated access status information. Forexample, when the access status indicates an entry state, the userterminal 2000 a may update the access status with an exit state andstore the updated access status. As another example, when the accessstatus is an exit state, the user terminal 2000 a may update the accessstatus with an entry state and store the updated access status.

4.2.4. Access Status Management Method—Fourth Modification

The fourth modification of the access status management method accordingto an embodiment of the present invention will be described below withreference to FIG. 15.

The fourth modification of the access status management method accordingto an embodiment of the present invention may be an embodiment in whichwhen access status information is abnormal and thus the opening of adoor is rejected, and the authentication server 1000 is requested toreissue the access status information.

FIG. 15 is a sequence chart showing the fourth modification of theaccess status management method according to an embodiment of thepresent invention.

Referring to FIG. 15, the fourth modification of the access statusmanagement method may include transmitting an authentication token(S400), determining whether to open a door (S410), transmitting anopening rejection message (S450), a user terminal 2000 a transmittingauthentication information and access status information to anauthentication server 1000 in order to request the authentication server1000 to update the access status information (S700), the authenticationserver 1000 updatting access status information (S710), and theauthentication server 1000 reissuing the access status information tothe user terminal 2000 a (S720).

According to some embodiments of the present invention, the transmissionof an authentication token to a first door communication unit 3110 maybe performed by the user terminal 2000 a (S400).

Also, according to some embodiments of the present invention, thedetermination of whether to open a door may be performed by the dooroperating device 3000 (S410).

Also, according to some embodiments of the present invention, thetransmission of an opening rejection message may be performed by thedoor operating device 3000 (S450).

When the access status information does not correspond to the first doorcommunication unit 3110, the door control unit 3700 may determine thatan access status is abnormal and may transmit the opening rejectionmessage to the user terminal 2000 a.

Also, according to some embodiments of the present invention, thetransmission of authentication information and access status informationto the authentication server 1000 to request the authentication server1000 to reissue the access status information may be performed by theuser terminal 2000 a (S700).

The user terminal 2000 a may transmit the authentication information andthe access status information to the authentication server 1000. Here,the authentication information may include at least one of userinformation, user identification information, a security key, and anauthentication token.

Also, the user terminal 2000 a does not necessarily have to transmit theauthentication information and the access status information to theauthentication server 1000 to request the authentication server 1000 toreissue the access status information. The user terminal 2000 a maytransmit at least one of the authentication information and the accessstatus information to request the authentication server 1000 to reissuethe access status information.

Also, when the access status information is included in theauthentication token, the transmission of the access status informationto the authentication server 1000 by the user terminal 2000 a may denotethat the user terminal 2000 a transmits the authentication token to theauthentication server 1000.

Also, when the access status information is implemented separately fromthe authentication token, the transmission of the access statusinformation to the authentication server 1000 by the user terminal 2000a may denote transmission of only the access status information.

Also, according to some embodiments of the present invention, theregeneration of access status information may be performed by theauthentication server 1000 (S710).

The authentication server 1000 may change the access status informationafter the authentication is performed on the basis of the acquiredauthentication information.

When a result of the user authentication is that the user is authorized,the authentication server 1000 may change the access status informationto regenerate the access status information. For example, when an accessstatus of the received access status information is an entry state, theauthentication server 1000 may change the access status to an exitstate.

Also, the authentication server 1000 may change the access status to astate requested by the user terminal 2000 a. For example, when theaccess status of which change to the entry state has been requested bythe user terminal 2000 a, the authentication server 1000 may change theaccess status of the access status information to the entry state.

Also, according to some embodiments of the present invention, thereissuance of the access status information to the user terminal 2000 amay be performed by the authentication server 1000 (S720).

The authentication server 1000 may reissue the access status informationto the user terminal 2000 a by transmitting the regenerated accessstatus information. Also, the authentication server 1000 may store achange history.

4.2.5. Access Status Management Method—Fifth Modification

The fifth modification of the access status management method accordingto an embodiment of the present invention will be described below withreference to FIG. 16.

The fifth modification of the access status management method accordingto an embodiment of the present invention may be an embodiment formanaging whether a user has actually passed.

For example, an entering user may transmit an authentication token to afirst door communication unit 3110 installed at the outer side, enterthe inner side after the door is opened, and acquire access statusinformation having a changed access status from a second doorcommunication unit 3120 installed at the inner side. Thus, it ispossible for only a user who has actually passed to acquire accessstatus information having a changed access status.

FIG. 16 is a sequence chart showing the fifth modification of the accessstatus management method according to an embodiment of the presentinvention.

Referring to FIG. 16, the fifth modification of the access statusmanagement method may include transmitting an authentication token(S400), determining whether to open a door (S410), changing an accessstatus (S420), opening the door (S440), and the second doorcommunication unit 3120 transmitting access status information (S800).

According to some embodiments of the present invention, the transmissionof an authentication token to the first door communication unit 3110 maybe performed by the user terminal 2000 a (S400).

Also, according to some embodiments of the present invention, thedetermination of whether to open a door may be performed by a doorcontrol unit 3700 (S410).

Also, according to some embodiments of the present invention, the changeof the access status information may be performed (S420).

Also, according to some embodiments of the present invention, theopening of the door may be performed (S440).

Also, according to some embodiments of the present invention, thetransmission of access status information may be performed by the seconddoor communication unit 3120 (S440).

The door control unit 3700 may execute control so that the second doorcommunication unit 3120 transmits the access status information to theuser terminal 2000 a.

When communication between the second door communication unit 3120 andthe user terminal 2000 a is established, the door control unit 3700 mayexecute control so that the second door communication unit 3120transmits the access status information to the user terminal 2000 a.

When the communication between the second door communication unit 3120and the user terminal 2000 a is not established within a predeterminedtime from at least one of an authentication token reception time point,a door opening determination time point, an access status change timepoint, and a door opening time point, the door control unit 3700 maycancel the transmission of the access status information.

4.2.6. Access Status Management Method—Sixth Modification

The sixth modification of the access status management method accordingto an embodiment of the present invention will be described below withreference to FIGS. 17 and 18.

The sixth modification may be an embodiment in which a door is providedin a hierarchical structure.

FIG. 17 is a surrounding view of a door with a hierarchical structureaccording to the sixth modification of the present invention.

As shown in FIG. 17, a space separated by a single door may include aseparate inner space. In FIG. 13, a first door operating device 3000 amay be provided at a first door 4000 a for separating a first innerspace from an outer space, and a second door operating device 3000 b maybe provided at a second door 4000 b for separating a second inner spacefrom the first inner space.

Accordingly, it is preferable that state information of such an innerspace and a high-ranked space be separately managed.

The sixth modification of the access status management method will bedescribed below with reference to FIG. 18.

FIG. 18 is a sequence chart showing the sixth modification of the accessstatus management method according to an embodiment of the presentinvention.

Referring to FIG. 18, the sixth modification of the access statusmanagement method may include a user terminal 2000 a transmitting anauthentication token to a first door operating device 3000 a (S900), thefirst door operating device 3000 a determining whether to open a door(S910), the first door operating device 3000 a changing access statusinformation (S920), the first door operating device 3000 a transmittingthe access status information (S930), opening a first door 4000 a(S440), the first door operating device 3000 a transmitting anauthentication token to a second door operating device 3000 b (S940),the second door operating device 3000 b determining whether to open adoor (S950), the second door operating device 3000 b changing accessstatus information (S960), the second door operating device 3000 btransmitting the access status information (S970), and opening a seconddoor 4000 b (S440).

According to some embodiments of the present invention, the transmissionof an authentication token to the first door operating device 3000 a maybe performed by the user terminal 2000 a (S900).

Also, according to some embodiments of the present invention, thedetermination of whether to open a door may be performed by the firstdoor operating device 3000 a (S910).

The first door operating device 3000 a may determine whether to open adoor on the basis of access status information and authority included inthe authentication token.

The first door operating device 3000 a may determine whether dooridentification information corresponding to the first door operatingdevice 3000 a is included in the authentication token. The first dooroperating device 3000 a may determine whether the authentication tokenhas authority when the door identification information corresponding tothe first door operating device 3000 a is included in the authenticationtoken.

The first door operating device 3000 a may determine whether anauthority value for a door corresponding to the first door operatingdevice 3000 a is included in the authentication token.

The first door operating device 3000 a may determine whether dooridentification information corresponding to the first door operatingdevice 3000 a is included in the authentication token. Also, the firstdoor operating device 3000 a may determine whether the authority valuecorresponding to the door identification information is an authorityvalue for passing through the door.

The first door operating device 3000 a may determine whether the accessstatus information included in the authentication information is normal.

The first door operating device 3000 a may determine whether an accessstatus for the first door operating device 3000 a included in the accessstatus information corresponds to a door communication unit 3100 thathas acquired the authentication token. In the following embodiment, itis assumed that the authentication token is acquired through the firstdoor communication unit 3110 of the first door operating device 3000 a.The first door operating device 3000 a may determine whether the accessstatus corresponds to the first door communication unit 3110 of thefirst door operating device 3000 a.

When the authentication token is authorized and also the access statusfor the first door operating device 3000 a included in theauthentication information corresponds to the first door communicationunit 3110 of the first door operating device 3000 a, the first dooroperating device 3000 a may determine that the door will be opened.

Also, according to some embodiments of the present invention, the changeof access status information may be performed by the first dooroperating device 3000 a (S920).

The first door operating device 3000 a may change the access status to asubsequent stage. For example, when the access status is an entry state,the first door operating device 3000 a may change the access status toan exit state.

Also, according to some embodiments of the present invention, thetransmission of the access status information may be performed by thefirst door operating device 3000 a (S930).

The first door operating device 3000 a may transmit access statusinformation having a changed access status for the first door operatingdevice 3000 a to the user terminal 2000 a.

The user terminal 2000 a may update the access status of theauthentication token with the access status information acquired fromthe first door operating device 3000 a. Alternatively, the user terminal2000 a may discard prestored access status information and may store theaccess status information acquired from the first door operating device3000 a.

Also, according to some embodiments of the present invention, theopening of a first door 4000 a may be performed by the first dooroperating device 3000 a (S440).

Also, according to some embodiments of the present invention, thetransmission of an authentication token to the second door operatingdevice 3000 b may be performed by the user terminal 2000 a (S940).

Also, according to some embodiments of the present invention, thedetermination of whether to open a door may be performed by the seconddoor operating device 3000 b (S950).

The second door operating device 3000 b may determine whether to openthe door on the basis of the access status information and authorityincluded in the authentication token.

The second door operating device 3000 b may determine whether dooridentification information corresponding to the second door operatingdevice 3000 b is included in the authentication token. When the dooridentification information corresponding to the second door operatingdevice 3000 b is included in the authentication token, the second dooroperating device 3000 b may determine that the authentication token hasan authority value.

The second door operating device 3000 b may determine whether anauthority value for a door corresponding to the second door operatingdevice 3000 b is included in the authentication token.

The second door operating device 3000 b may determine whether dooridentification information corresponding to the second door operatingdevice 3000 b is included in the authentication token. Also, the seconddoor operating device 3000 b may determine whether the authority valuecorresponding to the door identification information is an authorityvalue for passing through the door.

The second door operating device 3000 b may determine whether the accessstatus information included in the authentication information is normal.

The second door operating device 3000 b may determine whether an accessstatus for the second door operating device 3000 b included in theaccess status information corresponds to a door communication unit 3100that has acquired the authentication token. In the following embodiment,it is assumed that the authentication token is acquired through thefirst door communication unit 3110 of the second door operating device3000 b. The second door operating device 3000 b may determine whetherthe access status corresponds to a status corresponding to the firstdoor communication unit 3110 of the second door operating device 3000 b.

When the authentication token is authorized and also the access statusfor the second door operating device 3000 b included in theauthentication information corresponds to the first door communicationunit 3110 of the first door operating device 3000 a, the second dooroperating device 3000 b may determine to that the door will be opened.

Also, the second door operating device 3000 b may determine whether toopen the door in further consideration of the access status for thefirst door operating device 3000 a, which is a high-ranked layer.

When the access status for the first door operating device 3000 a isabnormal, the second door operating device 3000 b may refuse to open thedoor. For example, the access status for the first door operating device3000 a being abnormal may denote that it has been determined that theuser terminal 2000 a has not passed through the first door operatingdevice 3000 a. As a more detailed example, when the user terminal 2000 ahas passed through the first door operating device 3000 a, which is ahigh-ranked layer, the access status for the first door operating device3000 a has to be an exit state. When the access status for the firstdoor operating device 3000 a is an entry state, the second dooroperating device 3000 b may determine that the user terminal 2000 a hasabnormally passed through the first door operating device 3000 a and mayrefuse to open the door.

Also, according to some embodiments of the present invention, the changeof access status information may be performed by the second dooroperating device 3000 b (S960).

When it is determined to that the door will be opened, the second dooroperating device 3000 b may change the access status information.

The second door operating device 3000 b may change the access status fora subsequent stage. For example, when the access status for the seconddoor operating device 3000 b is an entry state, the second dooroperating device 3000 b may change the access status to an exit state.

Also, according to some embodiments of the present invention, thetransmission of the access status information may be performed by thesecond door operating device 3000 b (S970).

Also, according to some embodiments of the present invention, theopening of a second door 4000 b may be performed by the second dooroperating device 3000 b (S440).

Although the access control through the hierarchical structure between aplurality of door operating devices has been described above as anexample, the present invention is not limited thereto. The sixthmodification of the access status management method according to anembodiment of the present invention may be provided as a hierarchicalstructure between the door operating device 3000 and an electronicdevice. For example, when a request is made to use an electronic deviceby using an authentication token, the electronic device may determinewhether the user terminal 2000 a has entered through an entrance door ofa space where the electronic device is located on the basis of accessstatus information. When a result of the determination is that the userterminal 2000 a has entered through the entrance door of the space wherethe electronic device is located, the use of the electronic device maybe allowed. In this embodiment, the second door operating device 3000 bof the above-described sixth modification of the access statusmanagement method according to an embodiment of the present inventionmay be replaced with an electronic device, and the determination ofwhether to open the door, which is performed by the second dooroperating device 3000 b, may be replaced with determination of whetherto allow the electronic device to be used.

4.3. Forcible Authority Change Method

A forcible authority change method according to an embodiment of thepresent invention will be described below with reference to FIGS. 9 to12.

FIG. 19 is a surrounding view of a forcible authority change methodaccording to an embodiment of the present invention.

When the access control system 10000 is provided in a building or thelike, it is normally possible to limit an accessible zone by issuing anauthentication token according to assigned authority and allowing onlyan authorized door to be opened. However, it is preferable toexceptionally assign authority to open all doors or authority to open adoor necessary for evacuation when an exceptional event such as a fireand an earthquake occurs. When a failure occurs in communicationestablished between an access control server and an access controldevice in case of a fire or an earthquake, a conventional access controlsystem may fail to open a door for evacuation. However, the accesscontrol system 10000 of the present invention can solve this problem bythe authentication server 1000 issuing an authentication token that isforcibly authorized.

Also, the forcible authority change method according to an embodiment ofthe present invention may also be applied to a case in which the accessof an authorized user is temporarily restricted due to a securityconference, etc.

FIG. 20 is a sequence chart showing a forcible authorization changemethod according to an embodiment of the present invention.

Referring to FIG. 20, the forcible authorization change method mayinclude acquiring a request to change authorization (S1000), extractinga target of which authorization will be changed (S1010), andtransmitting an authentication token having updated authorization to theextracted target (S1020).

According to some embodiments of the present invention, the acquisitionof a request to change authorization may be performed (S1000). Therequest to change authorization may be provided by a user terminal 2000a.

The user terminal 2000 a may acquire authorization change requestinformation.

The authorization change request information may be information formaking a request to change a user's authority. The change of authorityaccording to the authorization change request information may denote acontinuous change of authorization, but the present invention is notlimited thereto. The change of authorization may denote a temporarychange in which at least one of a deadline and a condition is fixed.

Here, the target of which authorization will be changed may be at leastone of a user and a door 4000. When the target of which authorizationwill be changed is a user, the change of authorization may denote achange of authority assigned to the user. Also, when the target of whichauthorization will be changed is a door, the change of authorization maydenote a change of authorization performed by updating an authenticationtoken including the authority of the corresponding door.

The user terminal 2000 a may output an authorization change graphicaluser interface (GUI) for acquiring the authorization change requestinformation through a display unit.

The user terminal 2000 a may acquire information regarding the target ofwhich authorization will be changed. When the target of whichauthorization will be changed is a user, the user terminal 2000 a mayacquire information regarding the target of which authorization will bechanged through at least one of selection of a user of whichauthorization will be changed and input of user identificationinformation. Also, when the target of which authorization will bechanged is a door, the user terminal 2000 a may acquire informationregarding the target of which authorization will be changed through atleast one of selection of a door of which authorization will be changedand input of door identification information.

The user terminal 2000 a may acquire information regarding a changehistory.

When the target of which authorization will be changed is a user, theuser terminal 2000 a may acquire a change history regarding at least aportion of the assigned authority. For example, when authority for afirst door is granted to the user, the change history may includeinformation regarding withdrawal of the authority for the first door. Asanother example, when the user does not have authority for the firstdoor, the change history may include information regarding authority forthe first door. As another example, the change history may includeinformation regarding assignment of authority for the first door to onlya specified user.

As described above, the change history may include information regardingchanges of at least a portion of pre-assigned authority or unassignedauthority.

When the target of which authorization will be changed is a door, thechange history may include information regarding whether the access ofthe door of which authorization will be changed is forcibly restrictedor allowed. For example, when the target of which authorization will bechanged is a door, the change history may include information onrequests made to restrict the authority for the door of whichauthorization will be changed. As another example, the change historymay include information on requests made to forcibly allow authority forthe door of which authorization will be changed.

Also, according to some embodiments of the present invention, the changehistory may be occurrences of predetermined exceptional events. Forexample, the change history may include a fire.

In this case, the change history may include the opening of all doors.

The user terminal 2000 a may acquire information regarding a changecondition.

The change condition may be a condition that the change will be valid.

The change condition may include a change time and a target grade.

The changed time may be information regarding a time during which achange in authorization is valid. For example, depending on the changetime, the changed authorization may be valid during only a limited time.As another example, the changed authorization may be limited in validityaccording to the target grade.

The user terminal 2000 a may transmit the authorization change requestinformation to the authentication server 1000 in order to request theauthentication server 1000 to change authorization.

Also, according to some embodiments of the present invention, when thechange history is occurrences of specific events such as a fire, thechange condition may be omitted.

Also, according to some embodiments of the present invention, theextraction of a target of which authorization will be changed may beperformed (S1010).

The authentication server 1000 may extract a target included in theauthorization change request information.

In the following description, as an example, the target included in theauthorization change request information is a user. In this case, theauthentication server 1000 may extract a user of which authorizationwill be changed. The authentication server 1000 may extract a usercorresponding to user identification information included in the targetof which authorization will be changed as the user of whichauthorization will be changed. Also, the authentication server 1000 mayextract a user corresponding to a grade included in the target of whichauthorization will be changed as the user of which authorization will bechanged.

In the following description, as an example, the target included in theauthorization change request information is a door. In this case,different operations may be performed when the change history includesprevention of passage through the door and when the change historyincludes allowance of passage through the door.

When the change history includes prevention of passage through the door,the authentication server 1000 may extract a user authorized for thedoor as the target of which authorization will be changed.

Also, when the change history includes allowance of passage through thedoor, the authentication server 1000 may extract a user unauthorized forthe door as the target of which authorization will be changed.

Also, according to some embodiments of the present invention, when thechange history includes occurrence of a specific event such as a fire,the target of which authorization will be changed may be all users whoare registered or all users who have received an authentication token.

Also, according to some embodiments of the present invention, thetransmission of an authentication token having updated authority to theextracted target may be performed (S1020).

The authentication server 1000 may transmit an authentication havingchanged authorization on the basis of an authorization change historyfor each extracted user. For example, it is assumed that anauthentication token having authority for a first door is issued to userA, which is a target included in the authorization change requestinformation. In this case, when the authorization change historyincludes a request to withdraw the authority for the first door, theauthentication server 1000 may transmit a new authentication token notincluding the authority for the first door to a user terminal 2000 a ofuser A. Also, after receiving the new authentication token, the userterminal 2000 a of user A may discard an original authentication tokenand replace the discarded authentication token with the newauthentication token.

When a deadline and/or condition for the authorization change arecanceled, the authentication server 1000 may restore the originalauthentication token.

For example, the authentication server 1000 may transmit theauthentication token before the authorization change to the userterminal 2000 a to update the new authentication token with thetransmitted authentication token.

As another example, the authentication server 1000 may transmit acommand to the user terminal 2000 a so that the authentication tokenbefore the authorization change can be used.

The request to change the authorization is not necessarily acquiredthrough the user terminal 2000 a, but may be acquired from a managerterminal 2000 b.

Also, the authentication server 1000 may acquire the authorizationchange request information in association with a separate system such asa fire alarm system and a disaster management system.

Also, when it is determined that an exceptional event such as a fire anda disaster has occurred in association with a separate system such as afire alarm system and a disaster management system, the authenticationserver 1000 may determine that the request to change the authorizationis acquired, extract a target of which authorization will be changed,and transmit updated authentication information.

When it is determined that such an exceptional event has occurred, atarget to which the authentication information will be transmitted maybe preset by the authentication server 1000.

Also, when an exceptional event has occurred, the door operating device3000 may acquire a notification indicating that the exceptional eventhas occurred from the terminal 2000 and may determine whether theexceptional event has occurred on the basis of information included inthe authentication token.

According to some embodiments of the present invention, when it isdetermined that the exceptional event has occurred, the door operatingdevice 3000 may notify all connected door operating devices 3000 thatthe exceptional event has occurred. When the notification is received,all the door operating devices 3000 may change states of doors to enablethe doors to be kept open.

The door operating device 3000 may operate in different modes in asituation in which an exceptional event occurs and in a generalsituation.

FIG. 21 is an example diagram showing operations of a door operatingdevice 3000 according to an embodiment of the present invention in ageneral situation and in a situation in which an exceptional eventoccurs.

As shown in FIG. 21, in a general situation, the door operating device3000 may determine only a signal acquired in a first communication rangeas a normal signal. In detail, a door control unit 3700 may acquire asignal transmitted by a terminal 2000 through a door communication unit3100. Also, when the signal acquired through the door communication unit3100 is in the first communication range, the door control unit 3700 maydetermine the acquired signal as a normal signal. The door control unit3700 may determine whether the acquired signal is in the firstcommunication range on the basis of the strength of the signal. Also,when the signal acquired through the door communication unit 3100 is ina second communication range outside the first communication range, thedoor control unit 3700 may ignore the acquired signal.

Even though the acquired signal is in the second communication range,the door control unit 3700 may determine that acquired signal as anormal signal when an exceptional event has occurred.

When the signal occurs, the terminal 2000 may add an event occurrencenotification that the exceptional event has occurred to the signal andthen transmit the signal.

When the event occurrence notification indicating that the exceptionalevent has occurred is included in a signal acquired in the secondcommunication range, the door control unit 3700 does not ignore theacquired signal, but may determine the signal as a normal signal.

Also, when the event occurrence notification that the special event hasoccurred is included in the acquired signal, the door control unit 3700may perform a predetermined exceptional event operation. For example,the door control unit 3700 may perform an exceptional event operationfor keeping a door open. As another example, the door control unit 3700may perform an exceptional event operation for opening a doorirrespective of conditions such as the presence of authority.

Also, according to some embodiments of the present invention, theauthentication server 1000 may issue an authentication token, requiredby the terminal 2000 for the door operating device 3000, for registeringa specified user so that only the specified user can be allowed toenter. The terminal 2000 may transmit the authentication token forregistering the specified user to the door operating device 3000, andthe door operating device 3000 may determine that only a specified userincluded in the authentication token has authority to open a door.

4.4. Region-Linked Security Method

A region-linked security method according to an embodiment of thepresent invention will be described below with reference to FIGS. 22 to25.

FIG. 22 is a surrounding view of the region-linked security methodaccording to an embodiment of the present invention.

Referring to FIG. 22, the region-linked security method is an embodimentin which the use of an electronic device such as an office-specificelectronic device 6000 and a hotel-specific electronic device, which isprovided at a location accessible by a user, is allowed in considerationof at least one of the user's authorization and the user's access.

An office-specific electronic device 6000 provided in an office and anelectronic device provided in a hotel room such as a lighting device andan air conditioner need to be limited so that the devices can be used byonly a specified user.

However, when the user forgets a PC password or loses his or her hotelroom key, an unauthorized user may use the office-specific electronicdevice or the hotel-specific electronic device.

Accordingly, the region-linked security method according to anembodiment of the present invention can enhance security byauthentication server 1000 determining whether a user has actuallyentered a space where an electronic device is located and allowing theuse of the electronic device only when the user has entered the space.

FIG. 23 is a sequence chart showing the region-linked security methodaccording to an embodiment of the present invention.

Referring to FIG. 23, the region-linked security method may include auser terminal 2000 a transmitting entry history information to anauthentication server 1000 (S1100), the user terminal 2000 a requestingan office-specific electronic device 6000 to allow use of theoffice-specific electronic device 6000 (S1110), the office-specificelectronic device 6000 requesting user authentication from theauthentication server 1000 (S1120), the authentication server 1000executing the user authentication (S1130), the authentication server1000 transmitting a result of the authentication to the office-specificelectronic device 6000 (S1140), permitting the use of theoffice-specific electronic device 6000 (S1150), the user terminal 2000 atransmitting exit history information (S1160), and the authenticationserver 1000 transmitting a termination command to the office-specificelectronic device 6000 (S1170).

According to some embodiments of the present invention, the transmissionof entry history information to an authentication server 1000 may beperformed by a user terminal 2000 a (S1100). Here, the authenticationserver 1000 may be an authentication server 1000 that has issued anauthentication token or a separate authentication server other than theauthentication server 1000 that has issued the authentication token.

When permission information indicates that it has been determined thatthe user terminal 2000 a has authority, the user terminal 2000 a maytransmit the permission information and door identification informationregarding a permitted door.

The authentication server 1000 may acquire the permission informationand the door identification information from the user terminal 2000 aand may store the acquired permission information and dooridentification information.

The authentication server 1000 may determine a space the user hasentered on the basis of the permission information and the dooridentification information.

Also, according to some embodiments of the present invention, therequest for an office-specific electronic device 6000 to allow use ofthe office-specific electronic device 6000 may be performed by the userterminal 2000 a (S1110).

The user terminal 2000 a may transmit an authentication token to theoffice-specific electronic device 6000 to request use of theoffice-specific electronic device 6000. To this end, a communicationmeans for communicating with the user terminal 2000 a may be provided tothe office-specific electronic device 6000.

Alternatively, the office-specific electronic device 6000 may acquire ause request input directly from a user, not via the user terminal 2000a. To this end, the office-specific electronic device 6000 may have aninput means for acquiring a user input.

When the office-specific electronic device 6000 acquires a user requestthrough the user input, the office-specific electronic device 6000 mayacquire at least one of user information, user identificationinformation, and a security key corresponding to user identificationinformation through the user input.

Also, according to some embodiments of the present invention, therequest of user authentication from the authentication server 1000 maybe performed by the office-specific electronic device 6000 (S1120).

The office-specific electronic device 6000 may transmit the acquiredauthentication token to the authentication server 1000 to request userauthentication.

The office-specific electronic device 6000 may determine whetherauthority for the office-specific electronic device 6000 is included inthe acquired authentication token. When a result of the determination isthat the authority for the office-specific electronic device 6000 isincluded, the office-specific electronic device 6000 may transmit theauthentication token to the authentication server 1000 to request theuser authentication. Also, when a result of the determination is thatthe authority for the office-specific electronic device 6000 is notincluded, the office-specific electronic device 6000 may output arejection message for refusing the use.

Also, the office-specific electronic device 6000 may transmit at leastone of the acquired user information, user identification information,and security key corresponding to user identification information to theauthentication server 1000 to request the user authentication.

Also, according to some embodiments of the present invention, theexecution of the user authentication may be performed by theauthentication server 1000 (S1130).

The authentication server 1000 may determine whether a usercorresponding to the authentication token acquired from theoffice-specific electronic device 6000 has passed through a door. Theauthentication server 1000 may determine whether the user correspondingto the authentication token has entered a space where theoffice-specific electronic device 6000 is located through acorresponding door 4000 on the basis of at least one of storedpermission information, door identification information, and the accessstatus information.

Also, the authentication server 1000 may determine authoritycorresponding to the user identification information acquired from theoffice-specific electronic device 6000.

Also, according to some embodiments of the present invention, thetransmission of a result of the authentication to the office-specificelectronic device 6000 may be performed by the authentication server1000 (S1140).

When it is determined that the user corresponding to the authenticationtoken has entered the space where the office-specific electronic device6000 is located through the corresponding door, the authenticationserver 1000 may request the office-specific electronic device 6000 toallow use of the office-specific electronic device 6000.

The authentication server 1000 may transmit authentication informationcorresponding to the user identification information to theoffice-specific electronic device 6000 to request the office-specificelectronic device 6000 to allow use of a function included in theauthentication information.

When it is determined that the user corresponding to the useridentification information has entered the space where theoffice-specific electronic device 6000 is located through thecorresponding door, the authentication server 1000 may request theoffice-specific electronic device 6000 to permit the use.

Also, according to some embodiments of the present invention, thepermission of the use on the basis of the authentication result may beperformed by the office-specific electronic device 6000 (S1150).

The office-specific electronic device 6000 may permit the use of theoffice-specific electronic device 6000 when the user authenticationresult is permission.

Also, according to some embodiments of the present invention, thetransmission of exit history information may be performed by the userterminal 2000 a (S1160).

The authentication server 1000 may acquire from the user terminal 2000 ainformation indicating that the user has passed through the door to exitthe space where the office-specific electronic device 6000 is located.

Also, according to some embodiments of the present invention, thetransmission of a termination command to the office-specific electronicdevice 6000 may be performed by the authentication server 1000 (S1170).

When the information indicating that the user has passed through thedoor to move from the space where the office-specific electronic device6000 is located to the outside is acquired from the user terminal 2000a, the authentication server 1000 may request termination from theoffice-specific electronic device 6000. The termination of theoffice-specific electronic device 6000 may be at least one of apower-off operation, a screen saver operation, and a log-off operation.

4.4.1. Region-Linked Security Method—First Modification

The above-described region-linked security method may be variouslymodified depending on the use.

The first modification of the region-linked security method may be theauthentication server 1000 acquiring door access information from theuser terminal 2000 a and transmits a control command to an externalcontroller on the basis of the acquired door access information.

For convenience of description, an operation in a hotel room will bedescribed below as an example. Conventionally, a physical key has beenused to control access to the hotel room and control room functions ofthe hotel room. However, when such a physical key is used, it isinconvenient for the user to carry the physical key. Also, the user maywant to activate hotel room functions when he or she is out of the hotelroom. For example, even when the user leaves the hotel room, an airconditioner or a washing machine may need to operate. In this case, thephysical key should be located inside the hotel room in order toactivate the hotel room functions, and thus there is a problem in thatthe user cannot leave the hotel room. However, when the region-linkedsecurity method according to an embodiment of the present invention isapplied to the operation in the hotel room, the above-described physicalkey may be replaced with a user terminal, and it is possible to solvesuch a problem caused by the use of the physical key. An embodiment inwhich the region-linked security method according to an embodiment ofthe present invention is applied to the operation in the hotel room willbe described below in detail.

The first modification of the region-linked security method will bedescribed below with reference to FIG. 24.

FIG. 24 is a sequence chart showing the first modification of theregion-linked security method according to an embodiment of the presentinvention.

Referring to FIG. 24, while the first modification of the region-linkedsecurity method is described, operations between a user terminal and adoor operating device 3000 may be performed according to any one of thefirst and second sub-embodiments, and thus a detailed descriptionthereof will be omitted.

Referring to FIG. 24, the first modification of the region-linkedsecurity method may include a user terminal 2000 a transmitting entryhistory information to an authentication server 1000 (S1100), theauthentication server 1000 transmitting a room function activationcommand to a hotel controller 7000 (S1200), the hotel controller 7000activating a room function (S1205), the user terminal 2000 atransmitting exit history information to the authentication server 1000(S1210), the authentication server 1000 transmitting a room functiondeactivation command to the hotel controller 7000 (S1215), the hotelcontroller deactivating the room function (S1220), requesting activationof the function by the user terminal 2000 a (S1225), the authenticationserver 1000 transmitting a command to activate the requested function tothe hotel controller 7000 (S1230), the hotel controller 7000 activatingthe requested function of the corresponding room (1235) theauthentication server 1000 determining whether entry history informationhas been acquired within a predetermined amount time (S1240), theauthentication server 1000 transmitting a command to deactivate therequested function (S1245), and the hotel controller 7000 transmitting acommand to deactivate the requested function (S1250).

According to some embodiments of the present invention, the transmissionof entry history information to an authentication server 1000 may beperformed by a user terminal 2000 a (S1100).

The entry history information may include at least one of informationindicating that the door is permitted to open, door identificationinformation of the permitted door, and access status information.

When permission information indicating that it is determined that theuser terminal 2000 a has authority to open the door is received from thedoor operating device 3000, the user terminal 2000 a may transmit entryhistory information to the authentication server 1000.

The authentication server 1000 may acquire the entry history informationfrom the user terminal 2000 a and store the acquired entry historyinformation.

Also, the authentication server 1000 may determine a current location ofthe user terminal 2000 a on the basis of the entry history informationand store the current location.

According to some embodiments of the present invention, the transmissionof a room function activation command to a hotel controller 7000 may beperformed by the authentication server 1000 (S1200).

The authentication server 1000 may transmit a control command to thehotel controller 7000 on the basis of the entry history information.

The authentication server 1000 may determine into which room the userhas entered through the door 4000 on the basis of the entry historyinformation acquired from the user terminal 2000 a.

When it is determined that the user has entered the room, theauthentication server may transmit a room function activation command tothe hotel controller 7000 so that an operation of a specified electronicdevice among electronic devices in the room can be activated.

The activation and deactivation of the electronic device may be poweringon and off the electronic device. Alternatively, the activation anddeactivation of the electronic device may be supplying and shutting offpower to the electronic device.

Depending on the embodiment, the room function activation command may bea command to supply power to a corresponding room, and the room functiondeactivation command may be a command to shut off power to acorresponding room. Also, exceptional electronic devices such as arefrigerator, to which power always has to be supplied, may be excludedfrom targets of the room function activation command and the roomfunction deactivation command.

According to some embodiments of the present invention, the activationof a room function may be performed by the hotel controller 7000(S1205).

The hotel controller 7000 may perform control so that an operation of anelectronic device specified among electronic devices can be activated ina room in which it is determined that the user has entered on the basisof the room function activation command acquired from the authenticationserver 1000.

According to some embodiments of the present invention, the transmissionof exit history information to the authentication server 1000 may beperformed by the user terminal 2000 a (S1210).

The authentication server 1000 may acquire exit history informationindicating that the user has exited through the door from the userterminal 2000 a.

The exit history information may include at least one of informationindicating that the door is permitted to open, door identificationinformation of the permitted door, and access status information.

Here, the entry history information and the exit history information mayhave different access status information.

When permission information indicating that it is determined that theuser terminal 2000 a has authority to open the door is received from thedoor operating device 3000, the user terminal 2000 a may transmit theexit history information to the authentication server 1000.

The authentication server 1000 may acquire the exit history informationfrom the user terminal 2000 a and store the acquired exit historyinformation.

Also, the authentication server 1000 may determine that the userterminal 2000 a is out of the corresponding room on the basis of theexit history information and may store the determination.

According to some embodiments of the present invention, the transmissionof a room function deactivation command to the hotel controller 7000 maybe performed by the authentication server 1000 (S1215).

When it is determined that the user has exited the room, theauthentication server 1000 may transmit a room function deactivationcommand to the hotel controller 7000 so that the device in the room canbe deactivated.

According to some embodiments of the present invention, the deactivationof the room function may be performed by the hotel controller (S1220).

The hotel controller 7000 may perform control so that the function ofthe corresponding room can be deactivated on the basis of the roomfunction deactivation command.

According to some embodiments of the present invention, the request foractivation of the room function may be performed by the user terminal2000 a (S1225).

The authentication server 1000 may be requested by the user terminal2000 a to activate functions of at least some of the electronic devicesincluded in the room from the user terminal.

For example, the authentication server 1000 may be requested by the userterminal 2000 a to activate an air conditioner among the electronicdevices included in the room.

The user terminal 2000 a may output a graphic user interface (GUI) forreceiving a function selected to be activated, outputting selectablefunctions or all functions, and receiving an approval for a functionactivation request from the user.

According to some embodiments of the present invention, the transmissionof a command to activate the requested function to the hotel controller7000 may be performed by the authentication server 1000 (S1230).

The authentication server 1000 may transmit a command to activate therequested function to the hotel controller 7000 on the basis of thefunction activation request acquired from the user terminal 2000 a.

Also, the authentication server 1000 may determine whether the user hasauthority for the function included in the request. When it isdetermined that the user has authority for the function included in therequest, the authentication server 1000 may transmit a command toactivate the requested function to the hotel controller 7000.

Also, when it is determined that the user does not have authority forthe function included in the request, the authentication server 1000 maytransmit a rejection message to the user terminal 2000 a.

According to some embodiments of the present invention, the activationof the requested room function may be performed by the hotel controller7000 (S1235).

The hotel controller 7000 may activate an electronic device included inthe room on the basis of the acquired requested function activationcommand. For example, when the request included in the requestedfunction activation is to activate an air conditioner, the hotelcontroller 7000 may perform control so that the air conditioner can beactivated. Also, when a sub-request such as a desired temperature isincluded in the requested function activation command, the hotelcontroller may perform control so that the sub-request can be performed.For example, when the sub-command includes an indoor temperature of 24degrees, the hotel controller 7000 may control an air conditioner or aheater included in the room to maintain the indoor temperature of theroom at 24 degrees.

According to some embodiments of the present invention, thedetermination of whether entry history information has been acquired maybe performed by the authentication server 1000 (S1240).

For example, when the user terminal 2000 a makes a request to turn on alighting lamp in the room, the authentication server 1000 may transmit acontrol command to the hotel controller 7000 so that the lighting lampis turned on even though the user is out of the room.

The authentication server 1000 may determine whether the entry historyinformation is acquired after the function activation request isacquired.

In more detail, the authentication server 1000 may determine whetherentry history information corresponding to a door installed in the roomwas acquired from the user terminal 2000 a within a predetermined amountof time from a time at which the function activation request wasacquired and from a time at which a command to activate the requestedfunction was transmitted to the hotel controller 7000.

According to some embodiments of the present invention, the transmissionof a command to deactivate the requested function may be performed bythe authentication server 1000 (S1245).

When a result of determining whether the entry history information isacquired is that the entry history information corresponding to the doorinstalled in the room was not acquired from the user terminal 2000 awithin the predetermined amount of time, the authentication server 1000may transmit a command to deactivate the requested function to the hotelcontroller 7000. The command to deactivate the requested function may bea command to cancel the requested function activation command that haspreviously been transmitted to the hotel controller 7000 according tothe request from the user terminal 2000 a.

According to some embodiments of the present invention, the transmissionof a command to deactivate the requested function may be performed bythe hotel controller 7000 (S1250).

The hotel controller 7000 may perform control so that the function thathas been activated in S1235 can be deactivated.

As another example, the hotel controller 7000 may cancel the command inS1235 on the basis of the command to deactivate the requested function.

4.4.2. Region-Linked Security Method—Second Modification

The second modification of the region-linked security method will bedescribed below with reference to FIG. 25.

FIG. 25 is a flowchart showing the second modification of theregion-linked security method according to an embodiment of the presentinvention.

Referring to FIG. 25, the second modification of the region-linkedsecurity method may include acquiring first door access historyinformation (S1300), activating a room function (S1310), determiningwhether second door access history information has been acquired(S1320), maintaining the activation of the room function (S1330),deactivating the room function (S1340), acquiring the second door accesshistory information (S1350), and activating the room function (S1360).

According to some embodiments of the present invention, the acquisitionof first door access history information may be performed (S1300).

When permission information indicating that it has been determined thatthe user terminal 2000 a has authority to open a first door is receivedfrom the first door operating device 3000 a, the user terminal 2000 amay transmit the first door access history information to theauthentication server 1000.

The first door may be a predetermined door other than a door of a roomwhere the user stays. For example, the first door may be at least onedoor of a hotel lobby. As another example, the first door may be a doorfor entering a hallway for the room where the user stays.

The authentication server 1000 may acquire the first door access historyinformation from the user terminal 2000 a and store the acquired firstdoor access history information.

Also, the authentication server 1000 may determine that the user of theuser terminal 2000 a has entered the first door on the basis of theentry history information and may store the determination.

Also, according to some embodiments of the present invention, theactivation of a room function may be performed (S1310).

The authentication server 1000 may transmit a control command to thehotel controller 7000 on the basis of the first door access historyinformation.

The authentication server 1000 may transmit a room function activationcommand to the hotel controller 7000 so that the user terminal 2000 acan activate an operation of an electronic device specified amongelectronic devices in the room where the user stays on the basis of thefirst entry history information acquired from the user terminal 2000 a.

The activation and deactivation of the electronic device may be poweringon and off the electronic device. Alternatively, the activation anddeactivation of the electronic device may be supplying and shutting offpower to the electronic device.

Depending on the embodiment, the room function activation command may bea command to supply power to a corresponding room, and the room functiondeactivation command may be a command to shut off power to acorresponding room. Also, exceptional electronic devices such as arefrigerator, to which power always has to be supplied, may be excludedfrom targets of the room function activation command and the roomfunction deactivation command.

Also, according to some embodiments of the present invention, thedetermination of whether second door access history information has beenacquired may be performed (S1320).

The authentication server 1000 may determine whether the second dooraccess history information regarding a second door provided at the roomwhere the user stays has been acquired.

In more detail, the authentication server 1000 may determine whether thesecond door access history information has been acquired from the userterminal 2000 a within a predetermined amount of time from a time atwhich the first door access history information was acquired or from atime at which the room function activation command was transmitted tothe hotel controller 7000.

Also, according to some embodiments of the present invention, themaintenance of the activation of the room function may be performed(S1330).

When the second door access history information is acquired, theauthentication server 1000 may maintain the activation of the roomfunction. In more detail, the authentication server 1000 may maintainthe activation of the room function when the second door access historyinformation has been acquired from the user terminal 2000 a within apredetermined time from a time at which the first door access historyinformation was acquired or from a time at which the room functionactivation command was transmitted to the hotel controller 7000.

The maintenance of the activation of the room function may be nottransmitting a cancellation command for the room function activationcommand or a room function deactivation command to the hotel controller7000.

Also, according to some embodiments of the present invention, thedeactivation of the room function may be performed (S1340).

When the second door access history information is not acquired, theauthentication server 1000 may transmit the room function deactivationcommand to the hotel controller 7000 so that the room function can bedeactivated. In more detail, the authentication server 1000 may transmitthe room function deactivation command to the hotel controller 7000 whenthe second door access history information has not been acquired fromthe user terminal 2000 a within the predetermined time from the time atwhich the first door access history information was acquired or from thetime at which the room function activation command was transmitted tothe hotel controller 7000.

Also, according to some embodiments of the present invention, theacquisition of the second door access history information may beperformed (S1350).

When permission information indicating that it has been determined thatthe user terminal 2000 a has authority to open a second door has beenreceived from a second door operating device 3000 b, the user terminal2000 a may transmit the second door access history information to theauthentication server 1000.

The second door may be a door of the room where the user stays. Forexample, the second door may be an access door of the room where theuser stays.

The authentication server 1000 may acquire the second door accesshistory information from the user terminal 2000 a and store the acquiredsecond door access history information.

Also, the authentication server 1000 may determine that the user of theuser terminal 2000 a has entered the second door on the basis of thesecond door access history information and may store the determination.

Also, according to some embodiments of the present invention, theactivation of the room function may be performed (S1340).

The authentication server 1000 may transmit a room function activationcommand to the hotel controller 7000 so that the user terminal 2000 acan activate an operation of an electronic device specified amongelectronic devices in the room where the user stays on the basis of thesecond entry history information acquired from the user terminal 2000 a.

Accordingly, the modification of the region-linked security methodaccording to an embodiment of the present invention can prevent, eventhough a door key or a door card is lost, an unauthorized person fromusing electronic devices in a room because the electronic devices arenot activated when it has not been confirmed that a user has entered theroom. Also, the modification of the region-linked security methodaccording to an embodiment of the present invention can increase auser's convenience by being able to request activation of some functionseven while the user is out.

According to the present invention, it is possible to enhance a user'sconvenience by utilizing an authentication token to open an authorizeddoor without the need for additional authentication while theauthentication token is valid.

Also, according to the present invention, it is possible to enhance auser's convenience by opening an authorized door while theauthentication token is valid even though an authentication server isdisabled or communication between an authentication token and a dooroperating device is disconnected.

Also, according to the present invention, it is possible to manageauthorized use of a user by considering access status information forentry or exit.

Also, according to the present invention, it is possible to quickly andaccurately support evacuation of users by forcibly updating theauthentication token when an exceptional event such as an emergency hasoccurred.

Also, according to the present invention, it is possible to strengthensecurity against use of an electronic device by an unauthorized intruderby permitting the use of the electronic device in consideration ofwhether there is an entry to a corresponding space.

Advantageous effects of the invention are not limited to theaforementioned effects, and other advantageous effects that are notdescribed herein will be clearly understood by those skilled in the artfrom the following description and the accompanying drawings.

While the elements and features of the present invention have beendescribed with reference to embodiments of the present invention, thepresent invention is not limited thereto. It will be obvious to thoseskilled in the art that various changes or modifications may be madetherein without departing from the spirit and scope of the presentinvention. Accordingly, such changes or modifications are intended tofall within the scope of the appended claims.

1. An access control method in which a door operating device determineswhether to open a door on the basis of an authentication token acquiredfrom a user terminal without intervention of an authentication server,the access control method comprising: obtaining the authentication tokenfrom the user terminal; determining whether the user have authorizationfor accessing the door based on a authentication information included inthe authentication token; controlling the door to be opened in case ofdetermination that the user have authorization for accessing the door.2. The access control method of claim 1, wherein the authenticationinformation includes identification information of the door operatingdevice, to which authority is assigned, and wherein when identificationinformation of at least one of the door operating device and the door isincluded in the authentication information, the door operating devicedetermines that the user terminal has the authority to access the door.3. The access control method of claim 1, wherein the authenticationinformation includes at least one of the identification information ofthe door operating device and the identification information of thedoor, which are stored in the authentication server, and includes anauthority value corresponding to the identification information, andwherein the authentication information includes identificationinformation of at least one of the door operating device and the door,and when the authority value corresponding to the identificationinformation is a predetermined value indicating that there is authority,the door operating device determines that the user terminal has theauthority to access the door.
 4. The access control method of claim 1,wherein the authentication token includes at least one of authenticationinformation, an authentication validity condition, authentication tokenstate information, issuer information, and receiver information.
 5. Theaccess control method of claim 4, wherein the door operating devicedetermines whether the authentication token is valid, and refuses toopen the door when it is determined that the authentication token is notvalid even though it is determined that the user terminal has theauthority to access the door.
 6. The access control method of claim 5,wherein when it is determined that the authentication token has expiredon the basis of the authentication token state information, the dooroperating device determines that the authentication token is not valid.7. The access control method of claim 5, wherein the door operatingdevice determines whether the authentication token is valid on the basisof the authentication validity condition, and wherein the authenticationvalidity condition includes at least one of a valid period, a validlocation, and the number of times of use.
 8. The access control methodof claim 7, wherein the valid period is a valid period valuecorresponding to a period of time remaining until a critical time atwhich the authentication token is determined as being invalid orcorresponding to an elapsed time from a time point when theauthentication token is issued, and wherein the door operating devicedetermines that the authentication token is not valid when the validperiod value is the same as a predetermined threshold.
 9. The accesscontrol method of claim 7, wherein the authentication token includesinformation about the user terminal at the time point when theauthentication token was issued, and wherein when the information aboutthe user terminal at the time point when the authentication token wasissued is not included in a location information range included in thevalid location, the door operating device determines that theauthentication token is not valid.
 10. The access control method ofclaim 7, wherein when the number of times of use is greater than orequal to a predetermined number of times, the door operating devicedetermines that the authentication token is not valid.
 11. The accesscontrol method of claim 1, further comprising the door operating devicetransmitting a result of determining whether the user terminal has theauthority to access the door to the user terminal.
 12. The accesscontrol method of claim 1, wherein the authentication token is updatedby the user terminal transmitting a prestored update token matched tothe authentication token to the authentication server.
 13. The accesscontrol method of claim 1, wherein the authentication informationincluded in the authentication token includes at least one of authorityfor a space, authority for a door, and authority for an electronicdevice.
 14. An access control method performed by opening a plurality ofdoors for entering or exiting a single space by means of anauthentication token acquired through one-time authentication, theaccess control method comprising: obtaining an authentication token froma user terminal by a first door operating device, which is provided at afirst door among the plurality of doors; determining whether the userterminal has authority to access the first door on the basis ofauthentication information included in the authentication token by thefirst door operating device; Unlocking the first door when the userterminal has the authority to access the first door by the first dooroperating device; obtaining the authentication token from the userterminal by a second door operating device, which is provided at asecond door among the plurality of doors; determining whether the userterminal has authority to access the second door on the basis of theauthentication information included in the authentication token by thesecond door operating device; and unlocking the second door when it isdetermined that the user terminal has the authority to access the seconddoor by the second door operating device.
 15. A non-transitory recordingmedium having a program recorded thereon for executing the method of anyone of claim
 1. 16. A door operating device configured to determinewhether to open a door on the basis of an authentication token acquiredfrom a user terminal without intervention of an authentication server,the door operating device comprising: a door communication unitconfigured to acquire the authentication token from the user terminal; adoor driving unit configured to provide power necessary to open thedoor; and a door control unit configured to determine whether the userterminal has authority to access the door on the basis of authenticationinformation included in the authentication token and configured tocontrol the door driving unit to open the door when it is determinedthat the user terminal has the authority to access the door.